Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 8.1: Firefox verlinkt von Google auf falsche Webseiten (https://www.trojaner-board.de/182273-windows-8-1-firefox-verlinkt-google-falsche-webseiten.html)

fixnroxy 09.10.2016 09:52
Windows 8.1: Firefox verlinkt von Google auf falsche Webseiten
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,
bei der Google Suche werden falsche Websiten verlinkt und es öffnen sich neue Fenster statt eines neuen Tab.

Mein Freundin hatte Avira durchlaufen lassen und es gab auch mehrere Funde, bei dem Versuch die Funde in Quarantäne zu verschieben hat sich Avira aufgehangen. Unter "Ereignisse" lassen sich auch keine Funde mehr finden.

vielen Dank schonmal für eure Mühe
FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
durchgeführt von Roxy (Administrator) auf ROXYSPC (09-10-2016 10:08:52)
Gestartet von C:\Users\Roxy\Downloads
Geladene Profile: Roxy (Verfügbare Profile: Roxy)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [830064 2016-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25242560 2016-09-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify Web Helper] => C:\Users\Roxy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-25] (Spotify Ltd)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify] => C:\Users\Roxy\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-25] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
Startup: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2016-10-09]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49928;https=127.0.0.1:49928
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78E2F4C8-CE86-4774-A03A-38E6EDA6EAB1}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FE0DF54E-1611-4112-8F86-8D9005389837}: [DhcpNameServer] 40.32.1.67 40.32.1.67

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default [2016-10-09]
FF Homepage: Mozilla\Firefox\Profiles\37u48bk9.default -> about:home
FF Extension: (download addon) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{9b47e9a8-33da-4702-afb4-0629faf221a1}.xpi [2016-05-20] [ist nicht signiert]
FF Extension: (MPEG4 Notifier Pro) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{b2d8897b-71d4-4297-8a2a-4623c6685124}.xpi [2015-12-27] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1454720 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-30] (Windows (R) Win 7 DDK provider)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-28] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-20] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-09 10:08 - 2016-10-09 10:10 - 00022528 _____ C:\Users\Roxy\Downloads\FRST.txt
2016-10-09 10:08 - 2016-10-09 10:08 - 00000000 ____D C:\FRST
2016-10-09 10:07 - 2016-10-09 10:07 - 02405376 _____ (Farbar) C:\Users\Roxy\Downloads\FRST64.exe
2016-10-04 18:18 - 2016-10-04 18:18 - 01764426 _____ C:\Users\Roxy\Documents\Timos Praktikumsbescheinigungen.pdf
2016-10-04 15:46 - 2016-10-04 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-30 19:44 - 2016-09-30 19:44 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-09-30 19:38 - 2016-09-30 19:38 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-09-30 19:38 - 2016-09-30 19:38 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-09-30 19:38 - 2016-09-30 19:38 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-09-24 18:42 - 2016-09-24 18:42 - 00001118 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-14 09:48 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 09:48 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 09:48 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 09:48 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 09:48 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 09:48 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 09:48 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 09:48 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 09:48 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 09:48 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 09:48 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 09:48 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 09:48 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 09:48 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 09:48 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 09:48 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 09:48 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 09:48 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 09:48 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 09:48 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 09:48 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 09:48 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 09:48 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-14 09:48 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-14 09:48 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-14 09:48 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 09:48 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 09:48 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-14 09:48 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 09:48 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-14 09:48 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-14 09:48 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 09:48 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 09:48 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 09:48 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 09:48 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 09:46 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 09:46 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 09:46 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 09:46 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 09:46 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 09:46 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 09:46 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 09:46 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 09:46 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 09:46 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 09:46 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 09:46 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 09:46 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 09:46 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 09:46 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 09:46 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 09:46 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-14 09:46 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 09:46 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-14 09:46 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 09:46 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-14 09:46 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-14 09:46 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-14 09:46 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-14 09:46 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-14 09:46 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-14 09:46 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-14 09:46 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-14 09:46 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-14 09:46 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-14 09:46 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-14 09:46 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-14 09:46 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-14 09:46 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-14 09:46 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-14 09:46 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-14 09:46 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-14 09:46 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-14 09:46 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-14 09:46 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-14 09:46 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-14 09:46 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-14 09:46 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-14 09:46 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-14 09:46 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-14 09:46 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-14 09:46 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-14 09:46 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-14 09:46 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-14 09:46 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-14 09:46 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-14 09:46 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-09 10:02 - 2014-10-23 20:40 - 00000000 ___RD C:\Users\Roxy\OneDrive
2016-10-09 09:59 - 2016-06-13 21:38 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-09 09:58 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-09 09:57 - 2014-10-18 04:19 - 00000000 ____D C:\Users\Roxy
2016-10-09 09:57 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-05 09:43 - 2016-06-13 21:38 - 00001226 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-05 09:38 - 2014-10-19 12:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-04 23:05 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-10-04 16:06 - 2014-10-18 04:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070502710-3685973896-1333799553-1001
2016-10-04 15:46 - 2016-06-13 21:38 - 00000000 ____D C:\Users\Roxy\AppData\Local\Dropbox
2016-10-04 15:46 - 2016-06-13 21:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-28 11:51 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Local\Spotify
2016-09-28 11:21 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Roaming\Spotify
2016-09-28 09:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-09-28 09:29 - 2014-10-18 05:18 - 00000000 ____D C:\Users\Roxy\AppData\Local\CrashDumps
2016-09-26 13:24 - 2014-08-10 12:04 - 00765582 _____ C:\Windows\system32\perfh007.dat
2016-09-26 13:24 - 2014-08-10 12:04 - 00159366 _____ C:\Windows\system32\perfc007.dat
2016-09-26 13:24 - 2014-03-18 12:03 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-26 13:19 - 2013-08-22 16:44 - 00492368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-26 13:09 - 2014-03-18 11:45 - 00000000 ____D C:\Windows\ShellNew
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-25 09:12 - 2014-10-23 19:32 - 00000000 ____D C:\Windows\system32\MRT
2016-09-25 09:07 - 2014-10-23 19:32 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-25 09:06 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-24 18:42 - 2016-05-28 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-24 18:42 - 2016-01-15 19:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-24 17:33 - 2014-10-20 17:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-24 17:31 - 2014-11-14 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-24 17:30 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-24 17:30 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-24 17:22 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini
2016-09-13 10:38 - 2014-10-19 12:42 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 10:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 10:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-03 01:05 - 2014-11-03 01:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-10 02:38 - 2014-08-10 02:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roxy\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\Roxy\AppData\Local\Temp\AOPSetup.exe
C:\Users\Roxy\AppData\Local\Temp\avgnt.exe
C:\Users\Roxy\AppData\Local\Temp\COMAP.EXE
C:\Users\Roxy\AppData\Local\Temp\HPPSdr.exe
C:\Users\Roxy\AppData\Local\Temp\oct13B3.tmp.exe
C:\Users\Roxy\AppData\Local\Temp\oct5717.tmp.exe
C:\Users\Roxy\AppData\Local\Temp\optprosetup.exe
C:\Users\Roxy\AppData\Local\Temp\ose00000.exe
C:\Users\Roxy\AppData\Local\Temp\ose00001.exe
C:\Users\Roxy\AppData\Local\Temp\Quarantine.exe
C:\Users\Roxy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-28 08:39

==================== Ende von FRST.txt ============================
Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-10-2016
durchgeführt von Roxy (09-10-2016 10:10:57)
Gestartet von C:\Users\Roxy\Downloads
Windows 8.1 (Update) (X64) (2014-10-18 02:19:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1070502710-3685973896-1333799553-500 - Administrator - Disabled)
Gast (S-1-5-21-1070502710-3685973896-1333799553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1070502710-3685973896-1333799553-1003 - Limited - Enabled)
Roxy (S-1-5-21-1070502710-3685973896-1333799553-1001 - Administrator - Enabled) => C:\Users\Roxy

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.02.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 11.4.21 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Pokki_76f57b4f4c47bb9be5a61f33564f4ce99c295a7c) (Version: 1.0.0.47502 - Pokki)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1 - Genesys Logic)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 de)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{FD1F398D-BD56-43E6-8E58-707857AC9A8C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0692C379-F47D-4B8A-803F-21AA3547BCD1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1449BDB3-BFEB-4269-95FE-B2221D1CAE32} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {1BDD1304-A5D0-49B6-AC76-9ECBABCEE7C5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {1EA3EFD4-E3E4-460C-93E4-BCD43CA078F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {35276026-680D-49BF-94B1-91098B6A18F2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-10-20] (Acer)
Task: {5AFF5723-57A8-447B-8656-E823AB4AE77F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6324612D-0EBE-4267-8926-62F4C7224B57} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6DD03667-4424-4D20-89CA-296485F9DFB3} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {7E801D45-EFE3-43EA-85FE-D0B74C1A914D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {8801C100-9FA8-48D3-99A6-C7436C1A0183} - System32\Tasks\{3FA4E014-1866-4471-8784-4CE5FDD42245} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
Task: {90D13726-8046-4D26-BFAE-E5AA13D112F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {947737E2-3C56-4848-9F3F-9AD62866346C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-09-25] (Microsoft Corporation)
Task: {9E6AA8C1-5B95-49E3-89CD-A50F9A3B1280} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {A32B245C-FEC7-4384-8DB3-D6E40B69635C} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {B7A6152F-B8A2-4387-B50E-4EE471DDB453} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {BDD7E3DA-F247-47E7-801E-AE69337BBED2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BFB4F2D7-7222-436E-B11F-5DE8E33A0A26} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {EA3F60A6-5B32-4A75-86CE-D56BDC807B51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-08-10 02:40 - 2014-03-24 14:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-10 03:06 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-06-13 21:40 - 2016-09-09 02:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-04 15:46 - 2016-09-09 02:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-04 15:46 - 2016-09-09 02:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-04 15:46 - 2016-09-09 02:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-13 21:40 - 2016-09-09 02:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-13 21:40 - 2016-09-09 02:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-13 21:40 - 2016-09-09 02:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-13 21:40 - 2016-09-09 02:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-07 09:45 - 2016-09-30 19:44 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-04 15:46 - 2016-09-09 02:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-04 15:46 - 2016-09-09 02:55 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-07 09:45 - 2016-09-30 19:44 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-07 09:45 - 2016-09-09 02:54 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-06-13 21:40 - 2016-09-30 19:44 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-04 15:46 - 2016-09-09 02:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-04 15:46 - 2016-09-30 19:43 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-04 15:46 - 2016-09-30 19:43 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-13 21:40 - 2016-09-09 02:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-04 15:46 - 2016-09-30 19:44 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-04 15:46 - 2016-09-30 19:43 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-07 09:45 - 2016-09-30 19:44 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-04 15:46 - 2016-09-09 02:58 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-04 15:46 - 2016-09-09 02:58 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-06-13 21:40 - 2016-09-09 02:55 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-07 09:45 - 2016-09-30 19:44 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2014-08-10 02:42 - 2013-12-10 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1001movie.com -> 1001movie.com

Da befinden sich 6088 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roxy\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{262A5919-E5B1-439A-AE72-E366750707DE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8DB348F3-0F77-40F7-831C-DD9B40C8A373}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{176DC937-4EA3-4B99-B17F-DA742CDCD1D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F36F0F28-E934-4DF0-A51E-01E2DB22A1B5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{581A077E-73E5-4466-92EF-7D6359AF57A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6A597CE8-A790-4257-8273-A04AC4420219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A2EFA8C6-C694-473E-9491-B44DE5213B23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F9A8ECB-B678-4362-B3F9-717EBA6B7DC5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4D4CA22B-D9EA-44CE-B80D-43CD79E67EA8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E2713E33-268C-4151-AF82-ADA9D351C250}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C6A8F975-0FBC-4384-9746-AA04805A34DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1FC16DB7-9DE2-4A55-A774-FCBCBF5704EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{03ACCB66-0763-48CE-A62D-7DBF4673236B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{38BA2756-3C73-4E7B-8702-9492CA1B905A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CC6EDDED-6751-4E7D-912F-15E681E00D3C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{5B90DBDF-079A-4EE7-9080-6A0024F814F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4047CBF4-0461-4A19-B7B9-473E83324E13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B52D4761-364E-4432-9803-23A31E5EAD89}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5C1804D8-B391-4913-858F-D818370EE067}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B26C685E-76CC-40F4-888B-9FFA00923F7E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DD9252DB-BFBB-41F0-9835-BF47EF84DA48}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2761BEA5-C893-4C48-A003-80F228D10F87}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{D8345E48-337D-4292-BEC6-9C72BF4B97A4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{298FC49D-C29F-4FC0-8278-DC405A132B06}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{15B4884B-2726-4031-A46A-4C973D18BAA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{273CCA38-DE11-44B5-B287-03976E2772D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5D1EEA64-0A66-4046-9689-D69E3527F967}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D82516AC-9A85-4C3D-97E9-8503946E2199}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{22D36947-5429-4B34-86CB-2BCD9B2BAD97}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CCBB9D5F-559F-4959-A93B-922824D415AA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{94520434-6D52-4E3C-BD89-A2078A0E7B13}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{58904A97-66B9-47EE-8842-41B3E66B2176}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B381C194-2EEC-4716-8517-7219857290CA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{32A24B8F-FD29-40E1-986A-76BBCCCA2152}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{33CCFA5E-C9DF-49A2-9BBD-C7723BFA64BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{98980662-79D5-4529-A44C-070FD6916C1F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8E99541D-5854-4A9C-95FF-5DCFFF22ABFE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{EBC3588A-E803-407A-BFFD-6DE4968259FB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{963DD381-8C9B-4D5C-A1DB-35AF7A07DCE0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{F0710F71-DD80-4EA0-8C0F-093B1EA961CF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{69633FC3-4210-4572-88C7-E0EBBBC80097}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52F2B8C8-7852-4B5D-8C48-39F26B15043B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B800E3D0-681D-467C-948A-EC7D37711F0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{322E9C96-5D7F-4AF4-8715-D3FA53F06886}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5EC85835-2CD9-4D65-85FB-706790E77CA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8358D37E-06DB-4062-8E52-B1A4C073A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{42CA62FC-AD76-4B10-A5D7-24AE7E1D00C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{FF455CA0-3F78-4F4E-9BFA-19A1E3FAC727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{51607E45-6433-4067-8288-13519718F3A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{88C317C8-A00B-4670-B5A2-8FC40AA09BCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB264847-8CB5-4B76-A24B-5B544ED373D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAFF0F56-590D-4E6D-908B-954003B994AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{17A23AC7-B83F-411B-8CCA-6580D17930A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{938818FC-757D-49D0-8714-6E0BE1581E4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BD65EC9-FEEA-459C-947D-13E61F014592}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{81D11DDC-BE74-4E71-ABFC-EEBFDCFD8D74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37970989-CF7B-48AC-93F5-F2E2C8D68D0F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4EA1A20F-A346-4DC9-9E0A-CCB75328070E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{695CDC50-67C1-45EB-B2B4-F36B2D50257F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1C2A9B3F-4859-4277-A686-C117513433D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C4EE6440-1ACD-4CB6-AE53-5AEEF1D27F40}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C52B29D9-8A9E-4985-A9B9-ED8B3535C2FD}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{887147C1-85E2-481F-B92B-8DA23D41CBE4}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{C46E1036-DE01-4FA9-9A4D-E41273BFE964}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A607DA1E-9D91-4877-ADC1-71A2C13DA59F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5CC78DF6-495F-4EF6-94F3-1CE2602BF82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E95CA1A3-AE2F-4099-918D-C06A01FEED17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EAD0EA01-3702-4435-ACB4-ED321DA2363F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A2F47C1E-B27C-4962-84FD-65459DEF816B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EDD4331B-ADA4-4E12-9E4B-DAAA49ED8C91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6399CDA0-C791-4570-9A6D-4688A518DE6D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{51E2B8CA-81B4-4F4F-AF44-0AAA8A97708E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A662479-EBE1-458F-9317-A7194F7E590F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0367D0EA-8AD5-4078-B43A-7D93278AB631}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16A9C186-7686-4359-A6CF-CB57FFF3AD11}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{108787A8-2FF8-4559-B339-5A59DE99A96C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D951D056-3A3C-4987-A28C-85B7D049240D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E3E2D011-FD44-4DDF-A350-9D880D84C349}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85B4DF10-F55C-4B7A-AA99-D7AC157DBFA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{886233B0-E99A-4CFD-B81D-A7B19ED86D03}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{FA3C1BE3-B4D2-491F-B60D-AACE0FE49E47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51BBA38A-37BB-4815-837A-ABADFF96A093}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C7DFB03-8832-4472-8637-57C2CB483590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F182CA9-3870-47DB-A618-24313042D505}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3BF35386-4C19-4931-BCF8-A6B9033206D1}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{12E124B5-BE0D-4BCE-A8EC-D06B232D75BF}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3D56511A-995C-46D1-8F0A-FD979942C289}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C63CE034-8D28-4797-9996-90461D7CCB2C}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A63D8471-0E2F-4102-A68F-7E256BB86DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{97A0D091-A12B-4A56-91FE-C53ED0879A9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{044382D6-D437-4EDA-B39B-7BACC2659802}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B39E7A3A-DFC3-436F-8637-26E37DC21D45}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{53941CC1-1715-4A90-981E-FDADC0F4D6C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D4E632F-0623-4421-9DA7-7F9BA6D5EA9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70E42BA7-7F72-4DFB-9B80-3CBA313916A7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0B7FCD43-62CA-498A-872D-3637693BB89C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{00CF513D-1CFE-4400-9EE4-929C403D2C79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59C13D73-D934-49BB-A0BF-3F9AF376DC05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A1C4746C-05E8-4B79-A532-530ED2F56F16}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{C6687C5B-C00C-4269-B377-DE8DF59EF106}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{D5DDFAAE-A217-40BB-AF64-320243A85828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB768125-0ED7-4818-A61D-DD5DF6CF681C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC3B5FC8-4E5F-416A-8406-661B1F8C4511}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1615A1CF-F2BA-490D-8A01-ADBB4C48B527}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2E297C8-D7F8-4288-99D9-0A581D4EBFC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B312E4CE-E931-4D20-8234-1F589D5A8FA2}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{72F52E84-1FDF-4816-AB37-464EDFD13ABA}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{6AA45DCF-355E-42EA-85A9-296F2DA71D47}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{F023493D-EC6E-41E4-9230-95BED396B879}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{8DDE5744-BBD8-4AF6-BFEA-31A62389DC25}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

24-09-2016 17:20:29 Windows Update
04-10-2016 15:55:54 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/05/2016 09:23:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.20.59 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6ae0

Startzeit: 01d21e7c1feb0c2c

Endzeit: 60000

Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avscan.exe

Berichts-ID: 8418a6ee-8ac9-11e6-82c6-c45444b9ba5e

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/04/2016 04:06:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5562

Error: (10/04/2016 04:06:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5562

Error: (10/04/2016 04:06:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2016 04:06:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4375

Error: (10/04/2016 04:06:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4375

Error: (10/04/2016 04:06:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2016 04:06:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3250

Error: (10/04/2016 04:06:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3250

Error: (10/04/2016 04:06:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (10/04/2016 03:46:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
Unzulässige Funktion.

Error: (10/04/2016 03:46:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
Unzulässige Funktion.

Error: (09/26/2016 01:08:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (09/26/2016 01:12:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎26.‎09.‎2016 um 11:06:13 unerwartet heruntergefahren.

Error: (09/24/2016 05:45:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
Unzulässige Funktion.

Error: (09/24/2016 05:45:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
Unzulässige Funktion.

Error: (09/08/2016 03:45:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel Corporation driver update for Intel(R) HD Graphics Family

Error: (09/08/2016 03:43:46 PM) (Source: DCOM) (EventID: 10001) (User: ROXYSPC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.onenoteim.AppXz97txms671kxkms1js0am360cp52b5qq.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"31"
Aufgetreten beim Start dieses Befehls:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:microsoft.onenoteim.AppXm6fgyxg551ans5s3xmezr3h6w655wb0r.mca

Error: (09/07/2016 01:12:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel Corporation driver update for Intel(R) HD Graphics Family

Error: (09/07/2016 08:39:16 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.


CodeIntegrity:
===================================
  Date: 2014-11-21 20:03:52.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 20:03:52.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8115.27 MB
Verfügbarer physikalischer RAM: 6101.07 MB
Summe virtueller Speicher: 9395.27 MB
Verfügbarer virtueller Speicher: 7064.68 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:913.91 GB) (Free:744.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A086831E)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B 09.10.2016 12:48
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Schritt 0
Deinstalliere Google Chrome über die Systemsteuerung und wähle "Alle Browserdaten löschen" (oder ähnlich) auch mit aus.
Rechner neu starten.
Google Chrome wieder neu installieren, wenn es benötigt wird (keine Erweiterunge, etc. installieren).






Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
    • Chrome Einstellungen
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

fixnroxy 09.10.2016 17:26
Hallo Matthias, hier die weiteren LOGFiles:

//EDIT: Google Chrome konnte ich nicht deinstallieren, ich konnte es nicht in den Programmen finden (?)

ADWCleaner:
Code:
# AdwCleaner v6.021 - Bericht erstellt am 09/10/2016 um 14:50:40
# Aktualisiert am 06/10/2016 von ToolsLib
# Datenbank : 2016-10-07.1 [Server]
# Betriebssystem : Windows 8.1  (X64)
# Benutzername : Roxy - ROXYSPC
# Gestartet von : C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe\AdwCleaner_6.021.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Program Files\Booking.com
[-] Ordner gelöscht: C:\Users\Default User\AppData\Local\Pokki
[#] Ordner mit Neustart gelöscht: C:\Users\Default\AppData\Local\Pokki


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Datei gelöscht: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] Datei gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Datei gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_76f57b4f4c47bb9be5a61f33564f4ce99c295a7c
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D831E399-50FE-84AE-F5F7-0A63AC282464}
[-] Wert gelöscht: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2800 Bytes] - [09/10/2016 14:50:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [2919 Bytes] - [09/10/2016 14:48:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2946 Bytes] ##########
MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 09.10.2016
Suchlaufzeit: 14:57
Protokolldatei: mbam_protokoll.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.10.09.04
Rootkit-Datenbank: v2016.09.26.02
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Roxy

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343739
Abgelaufene Zeit: 23 Min., 55 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
PUP.Optional.DownloadGuide, C:\$Recycle.Bin\S-1-5-21-1070502710-3685973896-1333799553-1001\$RXCIOUC.exe, In Quarantäne, [ef391681158559dd6f9b55359968e020],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by Roxy (Administrator) on 09.10.2016 at 17:56:52,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.10.2016 at 17:58:18,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
durchgeführt von Roxy (Administrator) auf ROXYSPC (09-10-2016 18:00:56)
Gestartet von C:\Users\Roxy\Desktop
Geladene Profile: Roxy (Verfügbare Profile: Roxy)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [830064 2016-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25243040 2016-10-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify Web Helper] => C:\Users\Roxy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-25] (Spotify Ltd)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify] => C:\Users\Roxy\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-25] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2016-10-09]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78E2F4C8-CE86-4774-A03A-38E6EDA6EAB1}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FE0DF54E-1611-4112-8F86-8D9005389837}: [DhcpNameServer] 40.32.1.67 40.32.1.67

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default [2016-10-09]
FF Homepage: Mozilla\Firefox\Profiles\37u48bk9.default -> about:home
FF Extension: (download addon) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{9b47e9a8-33da-4702-afb4-0629faf221a1}.xpi [2016-05-20] [ist nicht signiert]
FF Extension: (MPEG4 Notifier Pro) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{b2d8897b-71d4-4297-8a2a-4623c6685124}.xpi [2015-12-27] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1454720 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-10-06] (Windows (R) Win 7 DDK provider)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-28] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-20] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-09 18:00 - 2016-10-09 18:01 - 00020747 _____ C:\Users\Roxy\Desktop\FRST.txt
2016-10-09 17:58 - 2016-10-09 17:58 - 00000542 _____ C:\Users\Roxy\Desktop\JRT.txt
2016-10-09 17:55 - 2016-10-09 17:55 - 01631928 _____ (Malwarebytes) C:\Users\Roxy\Desktop\JRT.exe
2016-10-09 14:56 - 2016-10-09 14:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-09 14:56 - 2016-10-09 14:56 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-09 14:56 - 2016-10-09 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-09 14:56 - 2016-10-09 14:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-09 14:56 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-09 14:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-09 14:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-09 14:54 - 2016-10-09 14:55 - 22851472 _____ (Malwarebytes ) C:\Users\Roxy\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-09 14:54 - 2016-10-09 14:54 - 00003028 _____ C:\Users\Roxy\Desktop\AdwCleaner[C0].txt
2016-10-09 14:46 - 2016-10-09 14:50 - 00000000 ____D C:\AdwCleaner
2016-10-09 14:45 - 2016-10-09 14:46 - 00000000 ____D C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe
2016-10-09 14:45 - 2016-10-09 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-09 14:45 - 2016-10-09 14:45 - 00000000 ____D C:\Program Files\7-Zip
2016-10-09 14:41 - 2016-10-09 14:41 - 03874368 _____ C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe.part
2016-10-09 10:44 - 2016-10-09 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-09 10:08 - 2016-10-09 18:00 - 00000000 ____D C:\FRST
2016-10-09 10:07 - 2016-10-09 10:07 - 02405376 _____ (Farbar) C:\Users\Roxy\Desktop\FRST64.exe
2016-10-06 23:06 - 2016-10-06 23:06 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-10-06 23:00 - 2016-10-06 23:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-06 23:00 - 2016-10-06 23:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-06 23:00 - 2016-10-06 23:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-04 18:18 - 2016-10-04 18:18 - 01764426 _____ C:\Users\Roxy\Documents\Timos Praktikumsbescheinigungen.pdf
2016-09-24 18:42 - 2016-09-24 18:42 - 00001118 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-14 09:48 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 09:48 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 09:48 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 09:48 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 09:48 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 09:48 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 09:48 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 09:48 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 09:48 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 09:48 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 09:48 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 09:48 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 09:48 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 09:48 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 09:48 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 09:48 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 09:48 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 09:48 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 09:48 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 09:48 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 09:48 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 09:48 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 09:48 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-14 09:48 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-14 09:48 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-14 09:48 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 09:48 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 09:48 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-14 09:48 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 09:48 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-14 09:48 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-14 09:48 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 09:48 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 09:48 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 09:48 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 09:48 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 09:46 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 09:46 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 09:46 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 09:46 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 09:46 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 09:46 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 09:46 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 09:46 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 09:46 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 09:46 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 09:46 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 09:46 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 09:46 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 09:46 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 09:46 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 09:46 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 09:46 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-14 09:46 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 09:46 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-14 09:46 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 09:46 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-14 09:46 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-14 09:46 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-14 09:46 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-14 09:46 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-14 09:46 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-14 09:46 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-14 09:46 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-14 09:46 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-14 09:46 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-14 09:46 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-14 09:46 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-14 09:46 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-14 09:46 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-14 09:46 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-14 09:46 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-14 09:46 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-14 09:46 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-14 09:46 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-14 09:46 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-14 09:46 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-14 09:46 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-14 09:46 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-14 09:46 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-14 09:46 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-14 09:46 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-14 09:46 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-14 09:46 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-14 09:46 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-14 09:46 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-14 09:46 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-14 09:46 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-09 18:00 - 2014-10-23 20:40 - 00000000 ___RD C:\Users\Roxy\OneDrive
2016-10-09 17:59 - 2014-10-18 05:18 - 00000000 ____D C:\Users\Roxy\AppData\Local\CrashDumps
2016-10-09 17:44 - 2016-06-13 21:38 - 00001226 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-09 17:43 - 2016-06-13 21:38 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-09 17:43 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-10-09 17:38 - 2014-10-19 12:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-09 15:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-09 15:22 - 2014-10-18 04:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070502710-3685973896-1333799553-1001
2016-10-09 14:51 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-09 10:45 - 2016-06-13 21:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-09 10:41 - 2014-11-03 01:30 - 00050176 ___SH C:\Users\Roxy\Desktop\Thumbs.db
2016-10-09 09:57 - 2014-10-18 04:19 - 00000000 ____D C:\Users\Roxy
2016-10-04 15:46 - 2016-06-13 21:38 - 00000000 ____D C:\Users\Roxy\AppData\Local\Dropbox
2016-09-28 11:51 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Local\Spotify
2016-09-28 11:21 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Roaming\Spotify
2016-09-28 09:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-09-26 13:24 - 2014-08-10 12:04 - 00765582 _____ C:\Windows\system32\perfh007.dat
2016-09-26 13:24 - 2014-08-10 12:04 - 00159366 _____ C:\Windows\system32\perfc007.dat
2016-09-26 13:24 - 2014-03-18 12:03 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-26 13:19 - 2013-08-22 16:44 - 00492368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-26 13:09 - 2014-03-18 11:45 - 00000000 ____D C:\Windows\ShellNew
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-25 09:12 - 2014-10-23 19:32 - 00000000 ____D C:\Windows\system32\MRT
2016-09-25 09:07 - 2014-10-23 19:32 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-25 09:06 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-24 18:42 - 2016-05-28 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-24 18:42 - 2016-01-15 19:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-24 17:33 - 2014-10-20 17:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-24 17:31 - 2014-11-14 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-24 17:30 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-24 17:30 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-24 17:22 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini
2016-09-13 10:38 - 2014-10-19 12:42 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 10:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 10:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-03 01:05 - 2014-11-03 01:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-10 02:38 - 2014-08-10 02:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roxy\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\Roxy\AppData\Local\Temp\AOPSetup.exe
C:\Users\Roxy\AppData\Local\Temp\avgnt.exe
C:\Users\Roxy\AppData\Local\Temp\COMAP.EXE
C:\Users\Roxy\AppData\Local\Temp\HPPSdr.exe
C:\Users\Roxy\AppData\Local\Temp\libeay32.dll
C:\Users\Roxy\AppData\Local\Temp\msvcr120.dll
C:\Users\Roxy\AppData\Local\Temp\oct13B3.tmp.exe
C:\Users\Roxy\AppData\Local\Temp\oct5717.tmp.exe
C:\Users\Roxy\AppData\Local\Temp\ose00000.exe
C:\Users\Roxy\AppData\Local\Temp\ose00001.exe
C:\Users\Roxy\AppData\Local\Temp\Quarantine.exe
C:\Users\Roxy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-10-09 10:23

==================== Ende von FRST.txt ============================
Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-10-2016
durchgeführt von Roxy (09-10-2016 18:01:46)
Gestartet von C:\Users\Roxy\Desktop
Windows 8.1 (Update) (X64) (2014-10-18 02:19:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1070502710-3685973896-1333799553-500 - Administrator - Disabled)
Gast (S-1-5-21-1070502710-3685973896-1333799553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1070502710-3685973896-1333799553-1003 - Limited - Enabled)
Roxy (S-1-5-21-1070502710-3685973896-1333799553-1001 - Administrator - Enabled) => C:\Users\Roxy

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.02.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 11.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1 - Genesys Logic)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 de)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{FD1F398D-BD56-43E6-8E58-707857AC9A8C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0692C379-F47D-4B8A-803F-21AA3547BCD1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1449BDB3-BFEB-4269-95FE-B2221D1CAE32} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {1BDD1304-A5D0-49B6-AC76-9ECBABCEE7C5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {1EA3EFD4-E3E4-460C-93E4-BCD43CA078F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {35276026-680D-49BF-94B1-91098B6A18F2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-10-20] (Acer)
Task: {5AFF5723-57A8-447B-8656-E823AB4AE77F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6324612D-0EBE-4267-8926-62F4C7224B57} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6DD03667-4424-4D20-89CA-296485F9DFB3} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {7E801D45-EFE3-43EA-85FE-D0B74C1A914D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {8801C100-9FA8-48D3-99A6-C7436C1A0183} - System32\Tasks\{3FA4E014-1866-4471-8784-4CE5FDD42245} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
Task: {90D13726-8046-4D26-BFAE-E5AA13D112F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {947737E2-3C56-4848-9F3F-9AD62866346C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-09-25] (Microsoft Corporation)
Task: {9E6AA8C1-5B95-49E3-89CD-A50F9A3B1280} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {A32B245C-FEC7-4384-8DB3-D6E40B69635C} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {B7A6152F-B8A2-4387-B50E-4EE471DDB453} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {BDD7E3DA-F247-47E7-801E-AE69337BBED2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BFB4F2D7-7222-436E-B11F-5DE8E33A0A26} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {EA3F60A6-5B32-4A75-86CE-D56BDC807B51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-10 03:06 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-08-10 02:42 - 2013-12-10 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1001movie.com -> 1001movie.com

Da befinden sich 6088 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roxy\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{262A5919-E5B1-439A-AE72-E366750707DE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8DB348F3-0F77-40F7-831C-DD9B40C8A373}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{176DC937-4EA3-4B99-B17F-DA742CDCD1D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F36F0F28-E934-4DF0-A51E-01E2DB22A1B5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{581A077E-73E5-4466-92EF-7D6359AF57A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6A597CE8-A790-4257-8273-A04AC4420219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A2EFA8C6-C694-473E-9491-B44DE5213B23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F9A8ECB-B678-4362-B3F9-717EBA6B7DC5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4D4CA22B-D9EA-44CE-B80D-43CD79E67EA8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E2713E33-268C-4151-AF82-ADA9D351C250}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C6A8F975-0FBC-4384-9746-AA04805A34DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1FC16DB7-9DE2-4A55-A774-FCBCBF5704EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{03ACCB66-0763-48CE-A62D-7DBF4673236B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{38BA2756-3C73-4E7B-8702-9492CA1B905A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CC6EDDED-6751-4E7D-912F-15E681E00D3C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{5B90DBDF-079A-4EE7-9080-6A0024F814F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4047CBF4-0461-4A19-B7B9-473E83324E13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B52D4761-364E-4432-9803-23A31E5EAD89}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5C1804D8-B391-4913-858F-D818370EE067}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B26C685E-76CC-40F4-888B-9FFA00923F7E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DD9252DB-BFBB-41F0-9835-BF47EF84DA48}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2761BEA5-C893-4C48-A003-80F228D10F87}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{D8345E48-337D-4292-BEC6-9C72BF4B97A4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{298FC49D-C29F-4FC0-8278-DC405A132B06}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{15B4884B-2726-4031-A46A-4C973D18BAA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{273CCA38-DE11-44B5-B287-03976E2772D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5D1EEA64-0A66-4046-9689-D69E3527F967}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D82516AC-9A85-4C3D-97E9-8503946E2199}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{22D36947-5429-4B34-86CB-2BCD9B2BAD97}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CCBB9D5F-559F-4959-A93B-922824D415AA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{94520434-6D52-4E3C-BD89-A2078A0E7B13}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{58904A97-66B9-47EE-8842-41B3E66B2176}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B381C194-2EEC-4716-8517-7219857290CA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{32A24B8F-FD29-40E1-986A-76BBCCCA2152}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{33CCFA5E-C9DF-49A2-9BBD-C7723BFA64BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{98980662-79D5-4529-A44C-070FD6916C1F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8E99541D-5854-4A9C-95FF-5DCFFF22ABFE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{EBC3588A-E803-407A-BFFD-6DE4968259FB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{963DD381-8C9B-4D5C-A1DB-35AF7A07DCE0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{F0710F71-DD80-4EA0-8C0F-093B1EA961CF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{69633FC3-4210-4572-88C7-E0EBBBC80097}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52F2B8C8-7852-4B5D-8C48-39F26B15043B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B800E3D0-681D-467C-948A-EC7D37711F0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{322E9C96-5D7F-4AF4-8715-D3FA53F06886}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5EC85835-2CD9-4D65-85FB-706790E77CA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8358D37E-06DB-4062-8E52-B1A4C073A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{42CA62FC-AD76-4B10-A5D7-24AE7E1D00C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{FF455CA0-3F78-4F4E-9BFA-19A1E3FAC727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{51607E45-6433-4067-8288-13519718F3A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{88C317C8-A00B-4670-B5A2-8FC40AA09BCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB264847-8CB5-4B76-A24B-5B544ED373D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAFF0F56-590D-4E6D-908B-954003B994AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{17A23AC7-B83F-411B-8CCA-6580D17930A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{938818FC-757D-49D0-8714-6E0BE1581E4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BD65EC9-FEEA-459C-947D-13E61F014592}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{81D11DDC-BE74-4E71-ABFC-EEBFDCFD8D74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37970989-CF7B-48AC-93F5-F2E2C8D68D0F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4EA1A20F-A346-4DC9-9E0A-CCB75328070E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{695CDC50-67C1-45EB-B2B4-F36B2D50257F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1C2A9B3F-4859-4277-A686-C117513433D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C4EE6440-1ACD-4CB6-AE53-5AEEF1D27F40}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C52B29D9-8A9E-4985-A9B9-ED8B3535C2FD}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{887147C1-85E2-481F-B92B-8DA23D41CBE4}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{C46E1036-DE01-4FA9-9A4D-E41273BFE964}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A607DA1E-9D91-4877-ADC1-71A2C13DA59F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5CC78DF6-495F-4EF6-94F3-1CE2602BF82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E95CA1A3-AE2F-4099-918D-C06A01FEED17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EAD0EA01-3702-4435-ACB4-ED321DA2363F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A2F47C1E-B27C-4962-84FD-65459DEF816B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EDD4331B-ADA4-4E12-9E4B-DAAA49ED8C91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6399CDA0-C791-4570-9A6D-4688A518DE6D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{51E2B8CA-81B4-4F4F-AF44-0AAA8A97708E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A662479-EBE1-458F-9317-A7194F7E590F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0367D0EA-8AD5-4078-B43A-7D93278AB631}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16A9C186-7686-4359-A6CF-CB57FFF3AD11}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{108787A8-2FF8-4559-B339-5A59DE99A96C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D951D056-3A3C-4987-A28C-85B7D049240D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E3E2D011-FD44-4DDF-A350-9D880D84C349}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85B4DF10-F55C-4B7A-AA99-D7AC157DBFA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{886233B0-E99A-4CFD-B81D-A7B19ED86D03}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{FA3C1BE3-B4D2-491F-B60D-AACE0FE49E47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51BBA38A-37BB-4815-837A-ABADFF96A093}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C7DFB03-8832-4472-8637-57C2CB483590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F182CA9-3870-47DB-A618-24313042D505}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3BF35386-4C19-4931-BCF8-A6B9033206D1}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{12E124B5-BE0D-4BCE-A8EC-D06B232D75BF}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3D56511A-995C-46D1-8F0A-FD979942C289}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C63CE034-8D28-4797-9996-90461D7CCB2C}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A63D8471-0E2F-4102-A68F-7E256BB86DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{97A0D091-A12B-4A56-91FE-C53ED0879A9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{044382D6-D437-4EDA-B39B-7BACC2659802}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B39E7A3A-DFC3-436F-8637-26E37DC21D45}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{53941CC1-1715-4A90-981E-FDADC0F4D6C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D4E632F-0623-4421-9DA7-7F9BA6D5EA9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70E42BA7-7F72-4DFB-9B80-3CBA313916A7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0B7FCD43-62CA-498A-872D-3637693BB89C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{00CF513D-1CFE-4400-9EE4-929C403D2C79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59C13D73-D934-49BB-A0BF-3F9AF376DC05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A1C4746C-05E8-4B79-A532-530ED2F56F16}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{C6687C5B-C00C-4269-B377-DE8DF59EF106}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{D5DDFAAE-A217-40BB-AF64-320243A85828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB768125-0ED7-4818-A61D-DD5DF6CF681C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC3B5FC8-4E5F-416A-8406-661B1F8C4511}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1615A1CF-F2BA-490D-8A01-ADBB4C48B527}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2E297C8-D7F8-4288-99D9-0A581D4EBFC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B312E4CE-E931-4D20-8234-1F589D5A8FA2}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{72F52E84-1FDF-4816-AB37-464EDFD13ABA}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{6AA45DCF-355E-42EA-85A9-296F2DA71D47}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{F023493D-EC6E-41E4-9230-95BED396B879}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{8C3C73C8-BD19-4664-8FDF-3F383E4C347C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

04-10-2016 15:55:54 Geplanter Prüfpunkt
09-10-2016 17:57:01 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/09/2016 05:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0xba4
Startzeit der fehlerhaften Anwendung: 0x01d222461eb7c808
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 5f659691-8e39-11e6-82c9-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/09/2016 05:59:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (10/09/2016 03:23:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (10/09/2016 03:14:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x1e40
Startzeit der fehlerhaften Anwendung: 0x01d2222e164b19d9
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 459615d5-8e22-11e6-82c8-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/09/2016 03:14:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (10/09/2016 02:57:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (10/09/2016 02:45:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (10/09/2016 01:02:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13250

Error: (10/09/2016 01:02:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13250

Error: (10/09/2016 01:02:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (10/09/2016 05:57:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2016 02:55:49 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{EA022610-0748-4C24-B229-6C507EBDFDBB}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/09/2016 02:49:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (10/09/2016 02:49:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2016 02:49:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "User Experience Improvement Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2016 02:49:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/09/2016 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2016 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2016 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access RadioMgr Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2016 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2014-11-21 20:03:52.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 20:03:52.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8115.27 MB
Verfügbarer physikalischer RAM: 6126.5 MB
Summe virtueller Speicher: 9395.27 MB
Verfügbarer virtueller Speicher: 7258.24 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:913.91 GB) (Free:749.61 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A086831E)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B 09.10.2016 20:34
Servus,





Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Tcpip\..\Interfaces\{FE0DF54E-1611-4112-8F86-8D9005389837}: [DhcpNameServer] 40.32.1.67 40.32.1.67
C:\Users\Roxy\AppData\Local\Google\Chrome
FF Homepage: Mozilla\Firefox\Profiles\37u48bk9.default -> about:home
Task: {8801C100-9FA8-48D3-99A6-C7436C1A0183} - System32\Tasks\{3FA4E014-1866-4471-8784-4CE5FDD42245} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *Wajam*
    *Booking.com*
    *Pokki*

    :folderfind
    *Wajam*
    *Booking.com*
    *Pokki*

    :regfind
    Wajam
    Booking.com
    Pokki
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

fixnroxy 10.10.2016 08:42
Systemlook Part 1:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 09:19 on 10/10/2016 by Roxy
Administrator - Elevation successful

========== filefind ==========

Searching for "*Wajam*"
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\WajamInternetEnhancerService.exe.6444.dmp        --a---- 229080 bytes        [10:09 20/11/2014]        [10:09 20/11/2014] 92A02AF3D24992668B9C7FB23866BF4D
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\WajamInternetEnhancerService.exe.6840.dmp        --a---- 229248 bytes        [10:08 20/11/2014]        [10:08 20/11/2014] FBA0A7EA83F7720FBEC59172663A5718
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WajamInternetEnhancer.exe.log        --a---- 844 bytes        [20:10 20/11/2014]        [20:10 20/11/2014] 313E6355E64B269D85AE72258CB253F6

Searching for "*Booking.com*"
C:\AdwCleaner\quarantine\files\jeesbqeessttvhnfcutjzhpvkrkogyga\Booking.com.lnk        --a---- 1966 bytes        [12:49 09/10/2016]        [01:00 10/08/2014] 549353B4D22795AE55D29C133083E6CC
C:\ProgramData\Microsoft\Windows\AppRepository\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr.xml        --a---- 12074 bytes        [02:13 18/10/2014]        [02:13 18/10/2014] 8A158CDEC489836BB7D1C60DC5EE203D
C:\Users\All Users\Microsoft\Windows\AppRepository\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr.xml        --a---- 12074 bytes        [02:13 18/10/2014]        [02:13 18/10/2014] 8A158CDEC489836BB7D1C60DC5EE203D
C:\Users\Default\Favorites\Booking.com.url        --a---- 133 bytes        [01:00 10/08/2014]        [01:00 10/08/2014] 22E983AD2F0009FCED03B1F63B79B433
C:\Users\Roxy\Favorites\Booking.com.url        --a---- 133 bytes        [02:19 18/10/2014]        [10:07 20/11/2014] 22E983AD2F0009FCED03B1F63B79B433

Searching for "*Pokki*"
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Engine\libPokki.dll        --a---- 49324032 bytes        [12:49 09/10/2016]        [01:11 25/01/2014] 1A523CB15A11B8FA8EF191B11F84011F
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Engine\sysapps\notifications\assets\scripts\platform\templates\pokkiApp.handlebars        --a---- 511 bytes        [12:49 09/10/2016]        [16:06 17/01/2014] 9FBCA64AA76DF50BE494A33C3EBC8E18
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Engine\sysapps\notifications\assets\scripts\platform\views\pokkiApp.js        --a---- 4277 bytes        [12:49 09/10/2016]        [16:06 17/01/2014] 5E0CBA06F6E6CE36332317F5030CAF40
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\pokkistore.js        --a---- 594 bytes        [12:50 09/10/2016]        [16:07 17/01/2014] 16FCB9D66D5E7D25F0A59D7AF809A306
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHelper.js        --a---- 6470 bytes        [12:50 09/10/2016]        [16:07 17/01/2014] 82C56D3875D29FAF35867873F0761526
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHostedFramework-2.1.1.js        --a---- 19835 bytes        [12:50 09/10/2016]        [16:07 17/01/2014] 7D60EFD1316202268585B90D28845883
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHostedFramework-2.1.1.min.js        --a---- 9448 bytes        [12:50 09/10/2016]        [16:06 17/01/2014] 80A4C29A34DA7768DDFC978E0777E53C

========== folderfind ==========

Searching for "*Wajam*"
No folders found.

Searching for "*Booking.com*"
C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr        d------        [01:15 10/08/2014]
C:\Users\Roxy\AppData\Local\Microsoft\Windows\Application Shortcuts\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr        d------        [02:20 18/10/2014]
C:\Users\Roxy\AppData\Local\Packages\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr        d------        [02:21 18/10/2014]

Searching for "*Pokki*"
C:\AdwCleaner\quarantine\files\vaedpzloptdxgfgbgxkiswleyqidqafy\Pokkies        d------        [12:50 09/10/2016]

========== regfind ==========

Searching for "Wajam"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Wajam\uninstall.exe"="$ Win7RTM"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Wajam\uninstall.exe"="$ Win7RTM"

Searching for "Booking.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppSync\Sync\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr-0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{01706005-2547-53AD-BE6E-86EF90D66D71}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0695B180-7E31-5B0C-9D31-5EC3EA0617AC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{069C8447-E94E-5A1A-99C4-ED3B49DCDE76}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D9552AC-35E6-55A5-BD4C-61049D572B78}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{13E979C1-EB71-5BBC-AE91-6A0D4D1DA1AD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1C05408D-C1B4-5934-B59A-42EBF74906DC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D1093DF-DF12-5453-826E-71A5D271B20F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1ED5B1A3-9105-54C4-9B6C-24257E0A483E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1EE1A187-88B2-5404-A23D-B3F483BFF3DF}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{213522BB-7A4B-539E-95A7-B1C358DF2375}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{22EDA0F0-D149-5872-815D-E4530F70C0F0}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{272E895F-3BD7-56B7-ACC1-4D6426C1BB72}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{29186E85-6B47-5101-A86B-22CBD1A93E30}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2C4251F9-770C-59BE-9932-C8819032DEEC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2EFE3B62-9C82-56B8-8793-891FD6FC24F6}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{39412CE3-8DCA-5DF0-8F07-44F04045F85F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{41E9CDBF-33B6-5297-BD96-948D37103DC9}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{4770C928-1213-5ADD-822D-1689ED59599D}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{48B45A12-95F7-5729-A3F0-B31FE8953644}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{4D3B4B54-575B-5C9F-B9A3-6FEDF5F659FD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{4DA36EFE-4CB4-5819-A096-233C6FBBC7AA}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{52A938E0-E9BA-51E6-8BCB-6CB0F78C936A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{546BF0C3-5502-5062-9F94-DDEF390DFBA7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{57C02438-A63F-5EA4-B59E-24A4A4A27ECD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5C4C37E8-53EA-5C79-BBB4-E35A3E525E3E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{620B87FD-9C95-574C-A086-CAE1E5A59A49}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{62128B40-579B-570D-A944-B13B1488F892}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{66372A23-8B9D-578F-82CF-380117E9EC0A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{672F3741-32D2-569B-87CB-943C6D1B93A7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{685F25DD-A032-51E5-A509-9640493E1757}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6AB68C0A-FE40-5CE0-9494-BD376CFE2F0F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6BB6AC6B-CE0B-51F3-9CF5-8E8990B75063}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6E117830-1DA0-5138-B7CF-2DF7359EF696}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{721B0615-14A3-590E-B38E-4D5A278EC567}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{749129CB-92BE-5436-B9B9-13D87BA3E219}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{76C66B49-F3B6-5F42-9A52-D4F8C6BD5DFE}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{78CC60C3-B089-5704-8F63-5B3C057DB290}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{790264B4-8811-580F-9D6A-ED3201C26478}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7FBBF721-A1E2-5094-94F1-CFB21DD61E39}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{80698AFB-83B6-5200-9DE1-5135D353A07E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8561D682-65A0-5086-A14C-92820F1B03FB}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{881F602D-857C-5C46-8C68-D341DD3C1261}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8FF994F0-D16F-56B4-A4DB-8DDED8BD4948}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{906D0AC3-E71A-5D3C-A4B8-B8F924ACF42E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{921E1E94-FEDA-59B6-B3BE-5E4FB413E7F0}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{94FE15B4-0C3A-5631-9662-2EB8CAEC25D5}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{994DA0D3-4782-58BA-A819-E4E4AF304228}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{9E9D3A0E-906A-5313-BC25-CDCD447945A8}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{A41AC1F9-D7F4-5028-889B-BA7C32E60ECC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{A8271BC4-E6E9-5387-8451-19A2CECCC91F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{A91BA766-63C6-552A-9CB4-DB661E35495F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{AB962E75-8930-53E6-840B-B385BA91D47D}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{B0AEDEAB-3B5B-58BB-BC5D-8B9D1662C476}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{B373C5E8-9261-5E04-B551-83A503D3FBA6}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{B712CFBC-F307-5A81-AF45-8441F50EBEE4}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{B713A0CF-B94F-5CAB-8417-502D29AA566B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BEF48896-65E8-5D64-8A53-DEEF5C231584}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C125116F-1CA1-5F6C-AA2A-F430749EFAF5}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C26B807E-7765-58C5-A26A-ABC2B795261A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C613FFE5-8E32-540E-B977-758E9C575EB8}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C781CE54-4BDB-57DB-A463-2FC75FF52B63}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C823F6C9-3887-56AF-8B81-9274C40C518B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CBE52E04-385C-5B50-AFA7-D66E482CA86C}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CC738147-0C45-566D-A2CA-1141DF1082F9}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CE51A103-DC33-5FBD-BBC1-A10FA6CB2936}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D2387DAC-C057-54D8-9974-6E6824AD01BE}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D6DAE916-B922-5E65-A847-A16F7C8BE295}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DF5A63AC-5AFE-5D32-86E6-89140D5E530B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E041A634-D7A5-5B68-B3E1-860869FFF747}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E2BE3630-81E4-533E-893F-950019958144}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E39E01C0-8C3F-54AC-8E7A-02E00FA130B7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E9A2B6DF-B866-545A-AB6B-AFFC14EE756F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EBFCB744-DCA3-566E-93C6-5BD8E2B4AB24}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EE883070-67EF-53AE-8545-6AE454B20A0B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F1FAF7BF-33FA-5C47-89F2-6CCE50E8E217}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F9AA72B2-CCAF-50F8-8EBF-AD2F39658867}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F9DF2565-0A99-5598-8EA0-88D885DF0289}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FDB52CF9-888D-5CB9-838C-F93DBDA4D0C1}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FFBDB7F3-4A48-5E70-BEB7-0AB4F10EED0F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FFF57569-1442-5408-8D46-D835FB78197E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.AccessibleContainer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Bing_Maps_XamlTypeInfo.XamlMetaDataProvider]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.CopyrightChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.CustomListView]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsContainerSelector]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsPolylineRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsPushpinRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsUIEventManager]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.HintCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemDetailsCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.LocationDisambiguationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.NamesCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegDataTemplateSelector]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.SignCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.TransitLineCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.TransitRouteDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.WarningCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.Waypoint]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.WaypointCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LandmarkCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LandmarkTappedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Location]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationRect]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationRectCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Map]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAddress]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAnimationDuration]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapItemsControl]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapMultiPoint]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapPolygon]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapPolyline]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShape]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapStyleChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapTileLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapTileLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapUIElementCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.PanelBase]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Pushpin]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.PushpinAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodeLocationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodePointCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodeRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.ReverseGeocodeRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TargetViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TileDownloadCompletedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TileServersAvailabilityChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentPushpinOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TransitRouteCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.ActiveFloorChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.ActiveVenueChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.FloorCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.NearbyVenueCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.NearbyVenueOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueByCountryCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueByCountryOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueCountryCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueEntityCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueFloorDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangeEndedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangeStartedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\App.AppXtgbnesgq7e4dcgaky0vdc0gmt369s0p9.mca]
"ExePath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Booking.Win8.exe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\App.AppXtgbnesgq7e4dcgaky0vdc0gmt369s0p9.mca]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\BackgroundTaskHost.1]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\BackgroundTransferHost.1]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Vendor"="Booking.com B.V."
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Icon"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/Logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"DisplayName"="Booking.com Partner Edition"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Description"="Booking.com app"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Vendor"="Booking.com B.V."
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Icon"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/Logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"DisplayName"="Booking.com Partner Edition"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Description"="Booking.com app"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119]
"DisplayName"="Booking.com Partner Edition"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119]
"Moniker"="4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"PackageRootFolder"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"DisplayName"="Booking.com Partner Edition"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"PackageID"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\PackageStateRoamingCollectionId]
"CollectionId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
"Image"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/SplashScreen.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
"AppName"="Booking.com Partner Edition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"Path"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1070502710-3685973896-1333799553-1001\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1070502710-3685973896-1333799553-1001\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SVDEn\WideTiles\WideTile3]
"AppId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77B39F34-170B-455B-A535-D7B28B0954EC}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|Platform=2:6:2|Platform2=GTEQ|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2BEEB262-4300-460E-BE60-AE2C094596C2}"="v2.22|Action=Block|Active=TRUE|Dir=In|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{7D414245-66CE-4867-9B61-B0F01E985CBA}"="v2.22|Action=Block|Active=TRUE|Dir=Out|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{10A5021E-3B9E-47ED-AFC1-34C59CCC59D1}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77B39F34-170B-455B-A535-D7B28B0954EC}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|Platform=2:6:2|Platform2=GTEQ|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2BEEB262-4300-460E-BE60-AE2C094596C2}"="v2.22|Action=Block|Active=TRUE|Dir=In|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{7D414245-66CE-4867-9B61-B0F01E985CBA}"="v2.22|Action=Block|Active=TRUE|Dir=Out|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{10A5021E-3B9E-47ED-AFC1-34C59CCC59D1}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=Booking.com Partner Edition|Desc=Booking.com Partner Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-1070502710-3685973896-1333799553-1001|AppPkgId=S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119|EmbedCtxt=Booking.com Partner Edition|"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Microsoft\Windows\CurrentVersion\AppSync\Sync\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr-0]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{01706005-2547-53AD-BE6E-86EF90D66D71}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{0695B180-7E31-5B0C-9D31-5EC3EA0617AC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{069C8447-E94E-5A1A-99C4-ED3B49DCDE76}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{0D9552AC-35E6-55A5-BD4C-61049D572B78}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{13E979C1-EB71-5BBC-AE91-6A0D4D1DA1AD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{1C05408D-C1B4-5934-B59A-42EBF74906DC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{1D1093DF-DF12-5453-826E-71A5D271B20F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{1ED5B1A3-9105-54C4-9B6C-24257E0A483E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{1EE1A187-88B2-5404-A23D-B3F483BFF3DF}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{213522BB-7A4B-539E-95A7-B1C358DF2375}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{22EDA0F0-D149-5872-815D-E4530F70C0F0}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{272E895F-3BD7-56B7-ACC1-4D6426C1BB72}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{29186E85-6B47-5101-A86B-22CBD1A93E30}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{2C4251F9-770C-59BE-9932-C8819032DEEC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{2EFE3B62-9C82-56B8-8793-891FD6FC24F6}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{39412CE3-8DCA-5DF0-8F07-44F04045F85F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{41E9CDBF-33B6-5297-BD96-948D37103DC9}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{4770C928-1213-5ADD-822D-1689ED59599D}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{48B45A12-95F7-5729-A3F0-B31FE8953644}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{4D3B4B54-575B-5C9F-B9A3-6FEDF5F659FD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{4DA36EFE-4CB4-5819-A096-233C6FBBC7AA}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{52A938E0-E9BA-51E6-8BCB-6CB0F78C936A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{546BF0C3-5502-5062-9F94-DDEF390DFBA7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{57C02438-A63F-5EA4-B59E-24A4A4A27ECD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{5C4C37E8-53EA-5C79-BBB4-E35A3E525E3E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{620B87FD-9C95-574C-A086-CAE1E5A59A49}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{62128B40-579B-570D-A944-B13B1488F892}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{66372A23-8B9D-578F-82CF-380117E9EC0A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{672F3741-32D2-569B-87CB-943C6D1B93A7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{685F25DD-A032-51E5-A509-9640493E1757}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{6AB68C0A-FE40-5CE0-9494-BD376CFE2F0F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{6BB6AC6B-CE0B-51F3-9CF5-8E8990B75063}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{6E117830-1DA0-5138-B7CF-2DF7359EF696}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{721B0615-14A3-590E-B38E-4D5A278EC567}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{749129CB-92BE-5436-B9B9-13D87BA3E219}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{76C66B49-F3B6-5F42-9A52-D4F8C6BD5DFE}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{78CC60C3-B089-5704-8F63-5B3C057DB290}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{790264B4-8811-580F-9D6A-ED3201C26478}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{7FBBF721-A1E2-5094-94F1-CFB21DD61E39}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{80698AFB-83B6-5200-9DE1-5135D353A07E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{8561D682-65A0-5086-A14C-92820F1B03FB}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{881F602D-857C-5C46-8C68-D341DD3C1261}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{8FF994F0-D16F-56B4-A4DB-8DDED8BD4948}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{906D0AC3-E71A-5D3C-A4B8-B8F924ACF42E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{921E1E94-FEDA-59B6-B3BE-5E4FB413E7F0}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{94FE15B4-0C3A-5631-9662-2EB8CAEC25D5}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{994DA0D3-4782-58BA-A819-E4E4AF304228}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{9E9D3A0E-906A-5313-BC25-CDCD447945A8}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{A41AC1F9-D7F4-5028-889B-BA7C32E60ECC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{A8271BC4-E6E9-5387-8451-19A2CECCC91F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{A91BA766-63C6-552A-9CB4-DB661E35495F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{AB962E75-8930-53E6-840B-B385BA91D47D}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{B0AEDEAB-3B5B-58BB-BC5D-8B9D1662C476}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{B373C5E8-9261-5E04-B551-83A503D3FBA6}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{B712CFBC-F307-5A81-AF45-8441F50EBEE4}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{B713A0CF-B94F-5CAB-8417-502D29AA566B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{BEF48896-65E8-5D64-8A53-DEEF5C231584}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{C125116F-1CA1-5F6C-AA2A-F430749EFAF5}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{C26B807E-7765-58C5-A26A-ABC2B795261A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{C613FFE5-8E32-540E-B977-758E9C575EB8}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{C781CE54-4BDB-57DB-A463-2FC75FF52B63}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{C823F6C9-3887-56AF-8B81-9274C40C518B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{CBE52E04-385C-5B50-AFA7-D66E482CA86C}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{CC738147-0C45-566D-A2CA-1141DF1082F9}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{CE51A103-DC33-5FBD-BBC1-A10FA6CB2936}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{D2387DAC-C057-54D8-9974-6E6824AD01BE}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{D6DAE916-B922-5E65-A847-A16F7C8BE295}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{DF5A63AC-5AFE-5D32-86E6-89140D5E530B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{E041A634-D7A5-5B68-B3E1-860869FFF747}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{E2BE3630-81E4-533E-893F-950019958144}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{E39E01C0-8C3F-54AC-8E7A-02E00FA130B7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{E9A2B6DF-B866-545A-AB6B-AFFC14EE756F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{EBFCB744-DCA3-566E-93C6-5BD8E2B4AB24}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{EE883070-67EF-53AE-8545-6AE454B20A0B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{F1FAF7BF-33FA-5C47-89F2-6CCE50E8E217}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{F9AA72B2-CCAF-50F8-8EBF-AD2F39658867}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{F9DF2565-0A99-5598-8EA0-88D885DF0289}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{FDB52CF9-888D-5CB9-838C-F93DBDA4D0C1}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{FFBDB7F3-4A48-5E70-BEB7-0AB4F10EED0F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\CLSID\{FFF57569-1442-5408-8D46-D835FB78197E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.AccessibleContainer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Bing_Maps_XamlTypeInfo.XamlMetaDataProvider]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.CopyrightChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.CustomListView]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsContainerSelector]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package

fixnroxy 10.10.2016 08:43
Systemlook Part 2:

Code:
\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsPolylineRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsPushpinRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsUIEventManager]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.HintCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemDetailsCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.LocationDisambiguationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.NamesCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegDataTemplateSelector]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.SignCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.TransitLineCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.TransitRouteDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.WarningCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.Waypoint]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.WaypointCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LandmarkCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LandmarkTappedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Location]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationRect]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationRectCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Map]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAddress]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAnimationDuration]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapItemsControl]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapMultiPoint]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapPolygon]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapPolyline]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShape]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapStyleChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapTileLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapTileLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapUIElementCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.PanelBase]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Pushpin]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.PushpinAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodeLocationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodePointCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodeRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.ReverseGeocodeRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TargetViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TileDownloadCompletedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TileServersAvailabilityChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentPushpinOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TransitRouteCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.ActiveFloorChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.ActiveVenueChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.FloorCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.NearbyVenueCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.NearbyVenueOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueByCountryCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueByCountryOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueCountryCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueEntityCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueFloorDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangeEndedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangeStartedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\App.AppXtgbnesgq7e4dcgaky0vdc0gmt369s0p9.mca]
"ExePath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Booking.Win8.exe"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\App.AppXtgbnesgq7e4dcgaky0vdc0gmt369s0p9.mca]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\BackgroundTaskHost.1]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\BackgroundTransferHost.1]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Vendor"="Booking.com B.V."
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Icon"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/Logo.png}"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Description"="Booking.com app"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Vendor"="Booking.com B.V."
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Icon"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/Logo.png}"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Description"="Booking.com app"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119]
"Moniker"="4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"PackageRootFolder"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"PackageID"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\PackageStateRoamingCollectionId]
"CollectionId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr-0"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
"Image"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/SplashScreen.png}"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
"AppName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{01706005-2547-53AD-BE6E-86EF90D66D71}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{0695B180-7E31-5B0C-9D31-5EC3EA0617AC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{069C8447-E94E-5A1A-99C4-ED3B49DCDE76}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{0D9552AC-35E6-55A5-BD4C-61049D572B78}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{13E979C1-EB71-5BBC-AE91-6A0D4D1DA1AD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{1C05408D-C1B4-5934-B59A-42EBF74906DC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{1D1093DF-DF12-5453-826E-71A5D271B20F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{1ED5B1A3-9105-54C4-9B6C-24257E0A483E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{1EE1A187-88B2-5404-A23D-B3F483BFF3DF}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{213522BB-7A4B-539E-95A7-B1C358DF2375}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{22EDA0F0-D149-5872-815D-E4530F70C0F0}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{272E895F-3BD7-56B7-ACC1-4D6426C1BB72}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{29186E85-6B47-5101-A86B-22CBD1A93E30}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{2C4251F9-770C-59BE-9932-C8819032DEEC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{2EFE3B62-9C82-56B8-8793-891FD6FC24F6}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{39412CE3-8DCA-5DF0-8F07-44F04045F85F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{41E9CDBF-33B6-5297-BD96-948D37103DC9}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{4770C928-1213-5ADD-822D-1689ED59599D}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{48B45A12-95F7-5729-A3F0-B31FE8953644}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{4D3B4B54-575B-5C9F-B9A3-6FEDF5F659FD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{4DA36EFE-4CB4-5819-A096-233C6FBBC7AA}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{52A938E0-E9BA-51E6-8BCB-6CB0F78C936A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{546BF0C3-5502-5062-9F94-DDEF390DFBA7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{57C02438-A63F-5EA4-B59E-24A4A4A27ECD}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{5C4C37E8-53EA-5C79-BBB4-E35A3E525E3E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{620B87FD-9C95-574C-A086-CAE1E5A59A49}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{62128B40-579B-570D-A944-B13B1488F892}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{66372A23-8B9D-578F-82CF-380117E9EC0A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{672F3741-32D2-569B-87CB-943C6D1B93A7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{685F25DD-A032-51E5-A509-9640493E1757}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{6AB68C0A-FE40-5CE0-9494-BD376CFE2F0F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{6BB6AC6B-CE0B-51F3-9CF5-8E8990B75063}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{6E117830-1DA0-5138-B7CF-2DF7359EF696}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{721B0615-14A3-590E-B38E-4D5A278EC567}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{749129CB-92BE-5436-B9B9-13D87BA3E219}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{76C66B49-F3B6-5F42-9A52-D4F8C6BD5DFE}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{78CC60C3-B089-5704-8F63-5B3C057DB290}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{790264B4-8811-580F-9D6A-ED3201C26478}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{7FBBF721-A1E2-5094-94F1-CFB21DD61E39}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{80698AFB-83B6-5200-9DE1-5135D353A07E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{8561D682-65A0-5086-A14C-92820F1B03FB}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{881F602D-857C-5C46-8C68-D341DD3C1261}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{8FF994F0-D16F-56B4-A4DB-8DDED8BD4948}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{906D0AC3-E71A-5D3C-A4B8-B8F924ACF42E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{921E1E94-FEDA-59B6-B3BE-5E4FB413E7F0}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{94FE15B4-0C3A-5631-9662-2EB8CAEC25D5}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{994DA0D3-4782-58BA-A819-E4E4AF304228}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{9E9D3A0E-906A-5313-BC25-CDCD447945A8}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{A41AC1F9-D7F4-5028-889B-BA7C32E60ECC}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{A8271BC4-E6E9-5387-8451-19A2CECCC91F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{A91BA766-63C6-552A-9CB4-DB661E35495F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{AB962E75-8930-53E6-840B-B385BA91D47D}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{B0AEDEAB-3B5B-58BB-BC5D-8B9D1662C476}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{B373C5E8-9261-5E04-B551-83A503D3FBA6}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{B712CFBC-F307-5A81-AF45-8441F50EBEE4}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{B713A0CF-B94F-5CAB-8417-502D29AA566B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{BEF48896-65E8-5D64-8A53-DEEF5C231584}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{C125116F-1CA1-5F6C-AA2A-F430749EFAF5}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{C26B807E-7765-58C5-A26A-ABC2B795261A}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{C613FFE5-8E32-540E-B977-758E9C575EB8}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{C781CE54-4BDB-57DB-A463-2FC75FF52B63}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{C823F6C9-3887-56AF-8B81-9274C40C518B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{CBE52E04-385C-5B50-AFA7-D66E482CA86C}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{CC738147-0C45-566D-A2CA-1141DF1082F9}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{CE51A103-DC33-5FBD-BBC1-A10FA6CB2936}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{D2387DAC-C057-54D8-9974-6E6824AD01BE}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{D6DAE916-B922-5E65-A847-A16F7C8BE295}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{DF5A63AC-5AFE-5D32-86E6-89140D5E530B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{E041A634-D7A5-5B68-B3E1-860869FFF747}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{E2BE3630-81E4-533E-893F-950019958144}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{E39E01C0-8C3F-54AC-8E7A-02E00FA130B7}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{E9A2B6DF-B866-545A-AB6B-AFFC14EE756F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{EBFCB744-DCA3-566E-93C6-5BD8E2B4AB24}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{EE883070-67EF-53AE-8545-6AE454B20A0B}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{F1FAF7BF-33FA-5C47-89F2-6CCE50E8E217}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{F9AA72B2-CCAF-50F8-8EBF-AD2F39658867}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{F9DF2565-0A99-5598-8EA0-88D885DF0289}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{FDB52CF9-888D-5CB9-838C-F93DBDA4D0C1}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{FFBDB7F3-4A48-5E70-BEB7-0AB4F10EED0F}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\CLSID\{FFF57569-1442-5408-8D46-D835FB78197E}]
"PackageMoniker"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.AccessibleContainer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Bing_Maps_XamlTypeInfo.XamlMetaDataProvider]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.CopyrightChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.CustomListView]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsContainerSelector]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsPolylineRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsPushpinRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsRenderOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.DirectionsUIEventManager]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.HintCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.ItineraryItemDetailsCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.LocationDisambiguationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.NamesCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.RouteLegDataTemplateSelector]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.SignCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.TransitLineCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.TransitRouteDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.WarningCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.Waypoint]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Directions.WaypointCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LandmarkCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LandmarkTappedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Location]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationRect]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.LocationRectCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Map]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAddress]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAnimationDuration]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapItemsControl]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapMultiPoint]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapPolygon]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapPolyline]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShape]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapShapeLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapStyleChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapTileLayer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapTileLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.MapUIElementCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.PanelBase]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Pushpin]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.PushpinAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodeLocationCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodePointCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.GeocodeRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Search.ReverseGeocodeRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TargetViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TileDownloadCompletedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TileServersAvailabilityChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentPushpinOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.Traffic.TrafficIncidentRequestOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.TransitRouteCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.ActiveFloorChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.ActiveVenueChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.FloorCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.NearbyVenueCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.NearbyVenueOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueByCountryCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueByCountryOptions]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueCountryCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueEntityCollection]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.VenueMaps.VenueFloorDataSource]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangeEndedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\Bing.Maps.ViewChangeStartedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Bing.Maps.dll"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\App.AppXtgbnesgq7e4dcgaky0vdc0gmt369s0p9.mca]
"ExePath"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Booking.Win8.exe"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\App.AppXtgbnesgq7e4dcgaky0vdc0gmt369s0p9.mca]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\BackgroundTaskHost.1]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\ActivatableClasses\Package\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\Server\BackgroundTransferHost.1]
"AppUserModelId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Vendor"="Booking.com B.V."
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Icon"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/Logo.png}"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Description"="Booking.com app"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Vendor"="Booking.com B.V."
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Icon"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/Logo.png}"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr\ActivatableClassId\App]
"Description"="Booking.com app"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3603161430-22834996-3441587854-3482399141-2862079816-728053727-3160867119]
"Moniker"="4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\4ae8b7c2.booking.compartneredition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"PackageRootFolder"="C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"DisplayName"="Booking.com Partner Edition"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr]
"PackageID"="4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\PackageStateRoamingCollectionId]
"CollectionId"="4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr-0"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
"Image"="@{4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr?ms-resource://4AE8B7C2.Booking.comPartnerEdition/Files/Assets/SplashScreen.png}"
[HKEY_USERS\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\SplashScreen\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr!App]
"AppName"="Booking.com Partner Edition"

Searching for "Pokki"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
"SBOEM2"="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk"

-= EOF =-

fixnroxy 10.10.2016 08:45
Fixlog:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09-10-2016
durchgeführt von Roxy (10-10-2016 08:10:39) Run:1
Gestartet von C:\Users\Roxy\Desktop
Geladene Profile: Roxy (Verfügbare Profile: Roxy)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Tcpip\..\Interfaces\{FE0DF54E-1611-4112-8F86-8D9005389837}: [DhcpNameServer] 40.32.1.67 40.32.1.67
C:\Users\Roxy\AppData\Local\Google\Chrome
FF Homepage: Mozilla\Firefox\Profiles\37u48bk9.default -> about:home
Task: {8801C100-9FA8-48D3-99A6-C7436C1A0183} - System32\Tasks\{3FA4E014-1866-4471-8784-4CE5FDD42245} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE0DF54E-1611-4112-8F86-8D9005389837}\\DhcpNameServer => Wert erfolgreich entfernt
"C:\Users\Roxy\AppData\Local\Google\Chrome" => nicht gefunden.
Firefox "homepage" erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8801C100-9FA8-48D3-99A6-C7436C1A0183}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8801C100-9FA8-48D3-99A6-C7436C1A0183}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{3FA4E014-1866-4471-8784-4CE5FDD42245} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FA4E014-1866-4471-8784-4CE5FDD42245}" => Schlüssel erfolgreich entfernt
C:\ProgramData\Temp => ":5C321E34" ADS erfolgreich entfernt.

========= dir "%ProgramFiles%" =========

 Datentr„ger in Laufwerk C: ist Acer
 Volumeseriennummer: FA36-F13B

 Verzeichnis von C:\Program Files

09.10.2016  14:49    <DIR>          .
09.10.2016  14:49    <DIR>          ..
09.10.2016  14:45    <DIR>          7-Zip
18.10.2014  04:20    <DIR>          Accessory Store
10.08.2014  03:12    <DIR>          Acer
25.03.2016  16:39    <DIR>          Bonjour
20.11.2014  22:12    <DIR>          Common Files
03.11.2014  01:05    <DIR>          HP
10.08.2014  02:43    <DIR>          Intel
26.09.2016  13:09    <DIR>          Internet Explorer
06.06.2016  20:27    <DIR>          iPod
06.06.2016  20:27    <DIR>          iTunes
10.08.2014  03:02    <DIR>          LoveFilm
21.11.2014  00:58    <DIR>          McAfee
20.10.2014  17:37    <DIR>          Microsoft Office
24.09.2016  17:30    <DIR>          Microsoft Silverlight
11.06.2014  11:50    <DIR>          MSBuild
10.08.2014  02:40    <DIR>          NVIDIA Corporation
10.08.2014  02:38    <DIR>          Realtek
11.06.2014  11:50    <DIR>          Reference Assemblies
16.08.2015  20:47    <DIR>          Windows Defender
13.03.2015  14:11    <DIR>          Windows Mail
13.03.2015  14:11    <DIR>          Windows Media Player
13.03.2015  14:11    <DIR>          Windows Multimedia Platform
18.10.2014  02:36    <DIR>          Windows NT
13.03.2015  14:11    <DIR>          Windows Photo Viewer
13.03.2015  14:11    <DIR>          Windows Portable Devices
13.03.2015  14:08    <DIR>          WindowsPowerShell
              0 Datei(en),              0 Bytes
              28 Verzeichnis(se), 804.898.250.752 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Datentr„ger in Laufwerk C: ist Acer
 Volumeseriennummer: FA36-F13B

 Verzeichnis von C:\Program Files (x86)

09.10.2016  14:56    <DIR>          .
09.10.2016  14:56    <DIR>          ..
21.11.2014  19:23    <DIR>          Acer
11.06.2014  12:15    <DIR>          Adobe
10.08.2014  02:40    <DIR>          AGEIA Technologies
25.03.2016  16:41    <DIR>          Apple Software Update
28.05.2016  13:43    <DIR>          Avira
25.03.2016  16:39    <DIR>          Bonjour
23.10.2015  19:44    <DIR>          Common Files
10.08.2014  03:11    <DIR>          CyberLink
09.10.2016  10:45    <DIR>          Dropbox
16.03.2016  18:11    <DIR>          HP
10.08.2014  02:43    <DIR>          Intel
26.09.2016  13:09    <DIR>          Internet Explorer
06.06.2016  20:27    <DIR>          iTunes
09.10.2016  14:56    <DIR>          Malwarebytes Anti-Malware
03.11.2014  01:07    <DIR>          Microsoft
20.10.2014  17:37    <DIR>          Microsoft Analysis Services
20.10.2014  17:39    <DIR>          Microsoft Office
24.09.2016  17:30    <DIR>          Microsoft Silverlight
20.10.2014  17:39    <DIR>          Microsoft SQL Server
28.10.2014  10:20    <DIR>          Microsoft.NET
16.08.2015  20:49    <DIR>          Mozilla Firefox
16.08.2015  20:49    <DIR>          Mozilla Maintenance Service
11.06.2014  11:50    <DIR>          MSBuild
11.06.2014  12:14    <DIR>          Nero
10.08.2014  02:40    <DIR>          NVIDIA Corporation
30.11.2014  18:31    <DIR>          OpenOffice 4
10.08.2014  02:52    <DIR>          Qualcomm Atheros
10.08.2014  02:43    <DIR>          Realtek
11.06.2014  11:50    <DIR>          Reference Assemblies
23.10.2015  19:44    <DIR>          Skype
10.08.2014  03:07    <DIR>          Spotify
05.12.2014  13:10    <DIR>          SpywareBlaster
05.12.2014  13:00    <DIR>          VS Revo Group
21.11.2014  08:59    <DIR>          WildTangent Games
16.08.2015  20:47    <DIR>          Windows Defender
13.03.2015  14:08    <DIR>          Windows Mail
13.03.2015  14:08    <DIR>          Windows Media Player
13.03.2015  14:08    <DIR>          Windows Multimedia Platform
22.08.2013  17:36    <DIR>          Windows NT
13.03.2015  14:08    <DIR>          Windows Photo Viewer
13.03.2015  14:08    <DIR>          Windows Portable Devices
22.08.2013  17:36    <DIR>          WindowsPowerShell
              0 Datei(en),              0 Bytes
              44 Verzeichnis(se), 804.898.254.848 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramData%" =========

 Datentr„ger in Laufwerk C: ist Acer
 Volumeseriennummer: FA36-F13B

 Verzeichnis von C:\ProgramData

10.08.2014  03:13    <DIR>          Acer
14.11.2014  08:20    <DIR>          Adobe
03.11.2014  01:05                57 Ament.ini
11.11.2014  23:12    <DIR>          Apple
11.11.2014  23:13    <DIR>          Apple Computer
10.08.2014  02:57    <DIR>          Atheros
28.05.2016  13:43    <DIR>          Avira
10.08.2014  03:12    <DIR>          CLSK
13.05.2016  21:16    <DIR>          CyberLink
13.06.2016  21:38    <DIR>          Dropbox
25.03.2016  16:44    <DIR>          E1864A66-75E3-486a-BD95-D1B7D99A84A7
20.06.2016  07:51    <DIR>          HP
10.08.2014  03:12    <DIR>          install_clap
11.06.2014  12:03    <DIR>          Intel
05.12.2014  13:09    <DIR>          Licenses
24.11.2014  13:00    <DIR>          Malwarebytes
21.11.2014  01:02    <DIR>          McAfee
24.09.2016  17:33    <DIR>          Microsoft Help
18.10.2014  04:34    <DIR>          Mozilla
11.06.2014  12:14    <DIR>          Nero
10.08.2014  02:40    <DIR>          NVIDIA
10.08.2014  02:40    <DIR>          NVIDIA Corporation
18.10.2014  20:12    <DIR>          OEM
18.10.2014  04:21    <DIR>          OEM_YAHOO
24.09.2016  18:42    <DIR>          Package Cache
10.08.2014  02:49    <DIR>          Qualcomm Atheros
13.03.2015  14:08    <DIR>          regid.1991-06.com.microsoft
23.10.2015  19:47    <DIR>          Skype
05.12.2014  13:10    <DIR>          Temp
03.11.2014  01:07    <DIR>          Visan
21.11.2014  08:59    <DIR>          WildTangent
              1 Datei(en),            57 Bytes
              30 Verzeichnis(se), 804.898.250.752 Bytes frei

========= Ende von CMD: =========


========= dir "%Appdata%" =========

 Datentr„ger in Laufwerk C: ist Acer
 Volumeseriennummer: FA36-F13B

 Verzeichnis von C:\Users\Roxy\AppData\Roaming

13.06.2016  21:39    <DIR>          .
13.06.2016  21:39    <DIR>          ..
23.10.2014  19:21    <DIR>          Adobe
16.11.2014  13:58    <DIR>          Apple Computer
18.10.2014  04:21    <DIR>          Atheros
01.04.2015  12:12    <DIR>          Avira
20.11.2014  12:19    <DIR>          CyberLink
13.06.2016  21:39    <DIR>          Dropbox
10.11.2014  16:44    <DIR>          HpUpdate
13.03.2015  14:42    <DIR>          Identities
18.10.2014  04:33    <DIR>          Macromedia
18.10.2014  04:35    <DIR>          Mozilla
24.11.2014  16:42    <DIR>          OpenOffice
07.11.2015  21:00    <DIR>          Skype
28.09.2016  11:21    <DIR>          Spotify
21.11.2014  08:59    <DIR>          WildTangent
20.10.2014  17:51    <DIR>          WinRAR
              0 Datei(en),              0 Bytes
              17 Verzeichnis(se), 804.898.250.752 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Datentr„ger in Laufwerk C: ist Acer
 Volumeseriennummer: FA36-F13B

 Verzeichnis von C:\Users\Roxy\AppData\Local

09.10.2016  17:44    <DIR>          .
09.10.2016  17:44    <DIR>          ..
18.10.2014  20:11    <DIR>          Acer
18.10.2014  20:13    <DIR>          Acer Aspire R7 Tutorial
14.06.2015  11:37    <DIR>          Adobe
18.10.2014  04:24    <DIR>          AOP SDK
11.11.2014  23:12    <DIR>          Apple
11.11.2014  23:14    <DIR>          Apple Computer
10.08.2015  07:10    <DIR>          CEF
21.11.2014  19:22    <DIR>          clear.fi
10.10.2016  08:08    <DIR>          CrashDumps
20.11.2014  12:17    <DIR>          CyberLink
07.01.2015  17:03    <DIR>          Diagnostics
04.10.2016  15:46    <DIR>          Dropbox
01.09.2015  11:13    <DIR>          ElevatedDiagnostics
03.11.2014  01:08    <DIR>          HP
18.10.2014  20:03    <DIR>          iGware
19.10.2014  12:42    <DIR>          Macromedia
27.01.2015  13:16    <DIR>          MediaShow
20.06.2016  07:56    <DIR>          Microsoft
22.11.2014  18:57    <DIR>          Microsoft Help
18.10.2014  04:35    <DIR>          Mozilla
18.10.2014  04:21    <DIR>          NVIDIA
14.08.2016  11:02    <DIR>          Packages
20.11.2014  12:09    <DIR>          Programs
23.10.2015  19:45    <DIR>          Skype
28.09.2016  11:51    <DIR>          Spotify
10.10.2016  08:10    <DIR>          Temp
04.11.2014  15:08    <DIR>          VirtualStore
              0 Datei(en),              0 Bytes
              29 Verzeichnis(se), 804.898.246.656 Bytes frei

========= Ende von CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24409810 B
Java, Flash, Steam htmlcache => 26153 B
Windows/system/drivers => 675450626 B
Edge => 0 B
Chrome => 0 B
Firefox => 401104438 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 94514 B
systemprofile32 => 128 B
LocalService => 14528228 B
NetworkService => 16342 B
Roxy => 1929707752 B

RecycleBin => 1068115637 B
EmptyTemp: => 3.8 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 08:12:04 ====
FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 09-10-2016
durchgeführt von Roxy (Administrator) auf ROXYSPC (10-10-2016 09:27:03)
Gestartet von C:\Users\Roxy\Desktop
Geladene Profile: Roxy (Verfügbare Profile: Roxy)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [830064 2016-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25243040 2016-10-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify Web Helper] => C:\Users\Roxy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-25] (Spotify Ltd)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify] => C:\Users\Roxy\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-25] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2016-10-10]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78E2F4C8-CE86-4774-A03A-38E6EDA6EAB1}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default [2016-10-10]
FF Extension: (download addon) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{9b47e9a8-33da-4702-afb4-0629faf221a1}.xpi [2016-05-20] [ist nicht signiert]
FF Extension: (MPEG4 Notifier Pro) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{b2d8897b-71d4-4297-8a2a-4623c6685124}.xpi [2015-12-27] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1454720 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-10-06] (Windows (R) Win 7 DDK provider)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-28] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-20] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-10 09:27 - 2016-10-10 09:27 - 00021956 _____ C:\Users\Roxy\Desktop\FRST.txt
2016-10-10 09:19 - 2016-10-10 09:23 - 00316118 _____ C:\Users\Roxy\Desktop\SystemLook.txt
2016-10-10 09:18 - 2016-10-10 09:18 - 00165376 _____ C:\Users\Roxy\Desktop\SystemLook_x64.exe
2016-10-10 08:10 - 2016-10-10 08:12 - 00012633 _____ C:\Users\Roxy\Desktop\Fixlog.txt
2016-10-10 08:10 - 2016-10-10 08:10 - 00000000 ____D C:\Users\Roxy\Desktop\FRST-OlderVersion
2016-10-09 17:55 - 2016-10-09 17:55 - 01631928 _____ (Malwarebytes) C:\Users\Roxy\Desktop\JRT.exe
2016-10-09 14:56 - 2016-10-09 18:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-09 14:56 - 2016-10-09 14:56 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-09 14:56 - 2016-10-09 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-09 14:56 - 2016-10-09 14:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-09 14:56 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-09 14:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-09 14:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-09 14:54 - 2016-10-09 14:55 - 22851472 _____ (Malwarebytes ) C:\Users\Roxy\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-09 14:46 - 2016-10-09 14:50 - 00000000 ____D C:\AdwCleaner
2016-10-09 14:45 - 2016-10-09 14:46 - 00000000 ____D C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe
2016-10-09 14:45 - 2016-10-09 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-09 14:45 - 2016-10-09 14:45 - 00000000 ____D C:\Program Files\7-Zip
2016-10-09 14:41 - 2016-10-09 14:41 - 03874368 _____ C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe.part
2016-10-09 10:44 - 2016-10-09 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-09 10:08 - 2016-10-10 09:27 - 00000000 ____D C:\FRST
2016-10-09 10:07 - 2016-10-10 08:10 - 02407424 _____ (Farbar) C:\Users\Roxy\Desktop\FRST64.exe
2016-10-06 23:06 - 2016-10-06 23:06 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-10-06 23:00 - 2016-10-06 23:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-06 23:00 - 2016-10-06 23:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-06 23:00 - 2016-10-06 23:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-04 18:18 - 2016-10-04 18:18 - 01764426 _____ C:\Users\Roxy\Documents\Timos Praktikumsbescheinigungen.pdf
2016-09-24 18:42 - 2016-09-24 18:42 - 00001118 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-14 09:48 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 09:48 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 09:48 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 09:48 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 09:48 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 09:48 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 09:48 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 09:48 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 09:48 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 09:48 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 09:48 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 09:48 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 09:48 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 09:48 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 09:48 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 09:48 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 09:48 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 09:48 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 09:48 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 09:48 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 09:48 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 09:48 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 09:48 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-14 09:48 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-14 09:48 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-14 09:48 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 09:48 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 09:48 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-14 09:48 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 09:48 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-14 09:48 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-14 09:48 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 09:48 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 09:48 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 09:48 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 09:48 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 09:46 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 09:46 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 09:46 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 09:46 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 09:46 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 09:46 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 09:46 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 09:46 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 09:46 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 09:46 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 09:46 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 09:46 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 09:46 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 09:46 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 09:46 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 09:46 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 09:46 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-14 09:46 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 09:46 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-14 09:46 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 09:46 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-14 09:46 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-14 09:46 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-14 09:46 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-14 09:46 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-14 09:46 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-14 09:46 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-14 09:46 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-14 09:46 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-14 09:46 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-14 09:46 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-14 09:46 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-14 09:46 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-14 09:46 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-14 09:46 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-14 09:46 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-14 09:46 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-14 09:46 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-14 09:46 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-14 09:46 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-14 09:46 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-14 09:46 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-14 09:46 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-14 09:46 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-14 09:46 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-14 09:46 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-14 09:46 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-14 09:46 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-14 09:46 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-14 09:46 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-14 09:46 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-14 09:46 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-14 09:46 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-10 09:15 - 2016-06-13 21:38 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-10 09:15 - 2014-11-03 01:30 - 00050176 ___SH C:\Users\Roxy\Desktop\Thumbs.db
2016-10-10 09:15 - 2014-10-23 20:40 - 00000000 ____D C:\Users\Roxy\OneDrive
2016-10-10 08:38 - 2014-10-19 12:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-10 08:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-10 08:13 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-10 08:08 - 2014-10-18 05:18 - 00000000 ____D C:\Users\Roxy\AppData\Local\CrashDumps
2016-10-09 18:44 - 2016-06-13 21:38 - 00001226 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-09 17:43 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-10-09 15:22 - 2014-10-18 04:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070502710-3685973896-1333799553-1001
2016-10-09 10:45 - 2016-06-13 21:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-09 09:57 - 2014-10-18 04:19 - 00000000 ____D C:\Users\Roxy
2016-10-04 15:46 - 2016-06-13 21:38 - 00000000 ____D C:\Users\Roxy\AppData\Local\Dropbox
2016-09-28 11:51 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Local\Spotify
2016-09-28 11:21 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Roaming\Spotify
2016-09-28 09:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-09-26 13:24 - 2014-08-10 12:04 - 00765582 _____ C:\Windows\system32\perfh007.dat
2016-09-26 13:24 - 2014-08-10 12:04 - 00159366 _____ C:\Windows\system32\perfc007.dat
2016-09-26 13:24 - 2014-03-18 12:03 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-26 13:19 - 2013-08-22 16:44 - 00492368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-26 13:09 - 2014-03-18 11:45 - 00000000 ____D C:\Windows\ShellNew
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-25 09:12 - 2014-10-23 19:32 - 00000000 ____D C:\Windows\system32\MRT
2016-09-25 09:07 - 2014-10-23 19:32 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-25 09:06 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-24 18:42 - 2016-05-28 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-24 18:42 - 2016-01-15 19:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-24 17:33 - 2014-10-20 17:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-24 17:31 - 2014-11-14 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-24 17:30 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-24 17:30 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-24 17:22 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini
2016-09-13 10:38 - 2014-10-19 12:42 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 10:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 10:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-03 01:05 - 2014-11-03 01:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-10 02:38 - 2014-08-10 02:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roxy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-10-09 10:23

==================== Ende von FRST.txt ============================
Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09-10-2016
durchgeführt von Roxy (10-10-2016 09:27:58)
Gestartet von C:\Users\Roxy\Desktop
Windows 8.1 (Update) (X64) (2014-10-18 02:19:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1070502710-3685973896-1333799553-500 - Administrator - Disabled)
Gast (S-1-5-21-1070502710-3685973896-1333799553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1070502710-3685973896-1333799553-1003 - Limited - Enabled)
Roxy (S-1-5-21-1070502710-3685973896-1333799553-1001 - Administrator - Enabled) => C:\Users\Roxy

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.02.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 11.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1 - Genesys Logic)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 de)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{FD1F398D-BD56-43E6-8E58-707857AC9A8C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{C4D388B3-8FB2-4633-A58E-285108713FB1}) (Version:  - Microsoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0692C379-F47D-4B8A-803F-21AA3547BCD1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1449BDB3-BFEB-4269-95FE-B2221D1CAE32} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {1BDD1304-A5D0-49B6-AC76-9ECBABCEE7C5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {1EA3EFD4-E3E4-460C-93E4-BCD43CA078F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {35276026-680D-49BF-94B1-91098B6A18F2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-10-20] (Acer)
Task: {5AFF5723-57A8-447B-8656-E823AB4AE77F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6324612D-0EBE-4267-8926-62F4C7224B57} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6DD03667-4424-4D20-89CA-296485F9DFB3} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {7E801D45-EFE3-43EA-85FE-D0B74C1A914D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {90D13726-8046-4D26-BFAE-E5AA13D112F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {947737E2-3C56-4848-9F3F-9AD62866346C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-09-25] (Microsoft Corporation)
Task: {9E6AA8C1-5B95-49E3-89CD-A50F9A3B1280} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {A32B245C-FEC7-4384-8DB3-D6E40B69635C} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {B7A6152F-B8A2-4387-B50E-4EE471DDB453} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {BDD7E3DA-F247-47E7-801E-AE69337BBED2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BFB4F2D7-7222-436E-B11F-5DE8E33A0A26} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {EA3F60A6-5B32-4A75-86CE-D56BDC807B51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-08-10 02:40 - 2014-03-24 14:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-10 03:06 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-06-11 12:38 - 2014-03-07 18:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-08-10 02:42 - 2013-12-10 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-13 21:40 - 2016-09-09 02:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-09 10:44 - 2016-09-09 02:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-09 10:44 - 2016-09-09 02:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-09 10:44 - 2016-09-09 02:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-13 21:40 - 2016-09-09 02:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-13 21:40 - 2016-09-09 02:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-13 21:40 - 2016-09-09 02:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-13 21:40 - 2016-09-09 02:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-07 09:45 - 2016-10-06 23:06 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-09 10:44 - 2016-09-09 02:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-09 10:44 - 2016-09-09 02:55 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-07 09:45 - 2016-10-06 23:06 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-07 09:45 - 2016-09-09 02:54 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-13 21:40 - 2016-09-09 02:55 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-06-13 21:40 - 2016-10-06 23:06 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-09 10:44 - 2016-09-09 02:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-09 10:44 - 2016-10-06 23:06 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-09 10:44 - 2016-10-06 23:06 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-13 21:40 - 2016-09-09 02:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-09 10:44 - 2016-10-06 23:06 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-07 09:45 - 2016-10-06 23:06 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-09 10:44 - 2016-09-09 02:58 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-09 10:44 - 2016-09-09 02:58 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-06-13 21:40 - 2016-09-09 02:55 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-07 09:45 - 2016-10-06 23:06 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1001movie.com -> 1001movie.com

Da befinden sich 6088 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roxy\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{262A5919-E5B1-439A-AE72-E366750707DE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8DB348F3-0F77-40F7-831C-DD9B40C8A373}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{176DC937-4EA3-4B99-B17F-DA742CDCD1D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F36F0F28-E934-4DF0-A51E-01E2DB22A1B5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{581A077E-73E5-4466-92EF-7D6359AF57A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6A597CE8-A790-4257-8273-A04AC4420219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A2EFA8C6-C694-473E-9491-B44DE5213B23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F9A8ECB-B678-4362-B3F9-717EBA6B7DC5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4D4CA22B-D9EA-44CE-B80D-43CD79E67EA8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E2713E33-268C-4151-AF82-ADA9D351C250}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C6A8F975-0FBC-4384-9746-AA04805A34DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1FC16DB7-9DE2-4A55-A774-FCBCBF5704EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{03ACCB66-0763-48CE-A62D-7DBF4673236B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{38BA2756-3C73-4E7B-8702-9492CA1B905A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CC6EDDED-6751-4E7D-912F-15E681E00D3C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{5B90DBDF-079A-4EE7-9080-6A0024F814F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4047CBF4-0461-4A19-B7B9-473E83324E13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B52D4761-364E-4432-9803-23A31E5EAD89}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5C1804D8-B391-4913-858F-D818370EE067}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B26C685E-76CC-40F4-888B-9FFA00923F7E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DD9252DB-BFBB-41F0-9835-BF47EF84DA48}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2761BEA5-C893-4C48-A003-80F228D10F87}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{D8345E48-337D-4292-BEC6-9C72BF4B97A4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{298FC49D-C29F-4FC0-8278-DC405A132B06}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{15B4884B-2726-4031-A46A-4C973D18BAA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{273CCA38-DE11-44B5-B287-03976E2772D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5D1EEA64-0A66-4046-9689-D69E3527F967}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D82516AC-9A85-4C3D-97E9-8503946E2199}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{22D36947-5429-4B34-86CB-2BCD9B2BAD97}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CCBB9D5F-559F-4959-A93B-922824D415AA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{94520434-6D52-4E3C-BD89-A2078A0E7B13}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{58904A97-66B9-47EE-8842-41B3E66B2176}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B381C194-2EEC-4716-8517-7219857290CA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{32A24B8F-FD29-40E1-986A-76BBCCCA2152}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{33CCFA5E-C9DF-49A2-9BBD-C7723BFA64BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{98980662-79D5-4529-A44C-070FD6916C1F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8E99541D-5854-4A9C-95FF-5DCFFF22ABFE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{EBC3588A-E803-407A-BFFD-6DE4968259FB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{963DD381-8C9B-4D5C-A1DB-35AF7A07DCE0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{F0710F71-DD80-4EA0-8C0F-093B1EA961CF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{69633FC3-4210-4572-88C7-E0EBBBC80097}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52F2B8C8-7852-4B5D-8C48-39F26B15043B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B800E3D0-681D-467C-948A-EC7D37711F0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{322E9C96-5D7F-4AF4-8715-D3FA53F06886}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5EC85835-2CD9-4D65-85FB-706790E77CA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8358D37E-06DB-4062-8E52-B1A4C073A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{42CA62FC-AD76-4B10-A5D7-24AE7E1D00C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{FF455CA0-3F78-4F4E-9BFA-19A1E3FAC727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{51607E45-6433-4067-8288-13519718F3A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{88C317C8-A00B-4670-B5A2-8FC40AA09BCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB264847-8CB5-4B76-A24B-5B544ED373D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAFF0F56-590D-4E6D-908B-954003B994AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{17A23AC7-B83F-411B-8CCA-6580D17930A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{938818FC-757D-49D0-8714-6E0BE1581E4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BD65EC9-FEEA-459C-947D-13E61F014592}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{81D11DDC-BE74-4E71-ABFC-EEBFDCFD8D74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37970989-CF7B-48AC-93F5-F2E2C8D68D0F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4EA1A20F-A346-4DC9-9E0A-CCB75328070E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{695CDC50-67C1-45EB-B2B4-F36B2D50257F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1C2A9B3F-4859-4277-A686-C117513433D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C4EE6440-1ACD-4CB6-AE53-5AEEF1D27F40}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C52B29D9-8A9E-4985-A9B9-ED8B3535C2FD}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{887147C1-85E2-481F-B92B-8DA23D41CBE4}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{C46E1036-DE01-4FA9-9A4D-E41273BFE964}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A607DA1E-9D91-4877-ADC1-71A2C13DA59F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5CC78DF6-495F-4EF6-94F3-1CE2602BF82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E95CA1A3-AE2F-4099-918D-C06A01FEED17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EAD0EA01-3702-4435-ACB4-ED321DA2363F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A2F47C1E-B27C-4962-84FD-65459DEF816B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EDD4331B-ADA4-4E12-9E4B-DAAA49ED8C91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6399CDA0-C791-4570-9A6D-4688A518DE6D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{51E2B8CA-81B4-4F4F-AF44-0AAA8A97708E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A662479-EBE1-458F-9317-A7194F7E590F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0367D0EA-8AD5-4078-B43A-7D93278AB631}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16A9C186-7686-4359-A6CF-CB57FFF3AD11}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{108787A8-2FF8-4559-B339-5A59DE99A96C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D951D056-3A3C-4987-A28C-85B7D049240D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E3E2D011-FD44-4DDF-A350-9D880D84C349}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85B4DF10-F55C-4B7A-AA99-D7AC157DBFA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{886233B0-E99A-4CFD-B81D-A7B19ED86D03}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{FA3C1BE3-B4D2-491F-B60D-AACE0FE49E47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51BBA38A-37BB-4815-837A-ABADFF96A093}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C7DFB03-8832-4472-8637-57C2CB483590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F182CA9-3870-47DB-A618-24313042D505}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3BF35386-4C19-4931-BCF8-A6B9033206D1}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{12E124B5-BE0D-4BCE-A8EC-D06B232D75BF}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3D56511A-995C-46D1-8F0A-FD979942C289}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C63CE034-8D28-4797-9996-90461D7CCB2C}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A63D8471-0E2F-4102-A68F-7E256BB86DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{97A0D091-A12B-4A56-91FE-C53ED0879A9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{044382D6-D437-4EDA-B39B-7BACC2659802}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B39E7A3A-DFC3-436F-8637-26E37DC21D45}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{53941CC1-1715-4A90-981E-FDADC0F4D6C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D4E632F-0623-4421-9DA7-7F9BA6D5EA9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70E42BA7-7F72-4DFB-9B80-3CBA313916A7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0B7FCD43-62CA-498A-872D-3637693BB89C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{00CF513D-1CFE-4400-9EE4-929C403D2C79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59C13D73-D934-49BB-A0BF-3F9AF376DC05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A1C4746C-05E8-4B79-A532-530ED2F56F16}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{C6687C5B-C00C-4269-B377-DE8DF59EF106}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{D5DDFAAE-A217-40BB-AF64-320243A85828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB768125-0ED7-4818-A61D-DD5DF6CF681C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC3B5FC8-4E5F-416A-8406-661B1F8C4511}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1615A1CF-F2BA-490D-8A01-ADBB4C48B527}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2E297C8-D7F8-4288-99D9-0A581D4EBFC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B312E4CE-E931-4D20-8234-1F589D5A8FA2}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{72F52E84-1FDF-4816-AB37-464EDFD13ABA}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{6AA45DCF-355E-42EA-85A9-296F2DA71D47}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{F023493D-EC6E-41E4-9230-95BED396B879}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{8C3C73C8-BD19-4664-8FDF-3F383E4C347C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

04-10-2016 15:55:54 Geplanter Prüfpunkt
09-10-2016 17:57:01 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/10/2016 08:08:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x124
Startzeit der fehlerhaften Anwendung: 0x01d222bc8bfd54e3
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: e515b049-8eaf-11e6-82c9-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/10/2016 08:08:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (10/09/2016 09:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11062

Error: (10/09/2016 09:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11062

Error: (10/09/2016 09:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2016 05:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0xba4
Startzeit der fehlerhaften Anwendung: 0x01d222461eb7c808
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 5f659691-8e39-11e6-82c9-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/09/2016 05:59:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (10/09/2016 03:23:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (10/09/2016 03:14:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x1e40
Startzeit der fehlerhaften Anwendung: 0x01d2222e164b19d9
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 459615d5-8e22-11e6-82c8-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/09/2016 03:14:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()


Systemfehler:
=============
Error: (10/10/2016 08:17:04 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (10/10/2016 08:17:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎10.‎2016 um 08:13:26 unerwartet heruntergefahren.

Error: (10/10/2016 08:11:12 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/10/2016 08:10:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.


CodeIntegrity:
===================================
  Date: 2014-11-21 20:03:52.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 20:03:52.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 8115.27 MB
Verfügbarer physikalischer RAM: 6027.21 MB
Summe virtueller Speicher: 9395.27 MB
Verfügbarer virtueller Speicher: 7082.22 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:913.91 GB) (Free:753.36 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A086831E)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B 11.10.2016 08:00
Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles. :)



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
Unlock: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn
CMD: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn" /v SBOEM2 /f
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

fixnroxy 12.10.2016 07:31
Hallo Matthias, ich hab erst am Samstag wieder Zugriff auf den Rechner meiner Freundin und würde mich dann noch einmal melden. Vielen Dank!

M-K-D-B 12.10.2016 20:08
Zitat:
Zitat von fixnroxy (Beitrag 1615330)
Hallo Matthias, ich hab erst am Samstag wieder Zugriff auf den Rechner meiner Freundin und würde mich dann noch einmal melden. Vielen Dank!
Ok, dann bis Samstag/Sonntag. :)

fixnroxy 15.10.2016 12:37
So, dann mal hier de neuen Logs :)
Was genau hat sich denn da eingenistet?

Fixlog
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 13-10-2016
durchgeführt von Roxy (15-10-2016 10:46:27) Run:2
Gestartet von C:\Users\Roxy\Desktop
Geladene Profile: Roxy (Verfügbare Profile: Roxy)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
Unlock: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn
CMD: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn" /v SBOEM2 /f
Reboot:
end


*****************

Prozess erfolgreich geschlossen.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn" => Schlüssel wurde entsperrt

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn" /v SBOEM2 /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========



Das System musste neu gestartet werden.

==== Ende von Fixlog 10:46:29 ==
Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=43b32732dd67324a8d75e0355131047b
# end=init
# utc_time=2016-10-15 09:01:28
# local_time=2016-10-15 11:01:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 31087
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=43b32732dd67324a8d75e0355131047b
# end=updated
# utc_time=2016-10-15 09:03:36
# local_time=2016-10-15 11:03:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=43b32732dd67324a8d75e0355131047b
# engine=31087
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-10-15 10:34:26
# local_time=2016-10-15 12:34:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 97 6061 62458351 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 36776823 61661606 0 0
# scanned=276151
# found=0
# cleaned=0
# scan_time=5449
HitmannPro
Code:

       
Code:

       
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : ROXYSPC
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : ROXYSPC\Roxy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-10-15 13:19:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 11s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7

   Objects scanned . . . : 1.975.015
   Files scanned . . . . : 56.128
   Remnants scanned  . . : 512.745 files / 1.406.142 keys

Suspicious files ____________________________________________________________

   C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\UJR1MWO6\FRST64[1].exe
      Size . . . . . . . : 2.406.912 bytes
      Age  . . . . . . . : 0.1 days (2016-10-15 10:46:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3C716312A30061CB8B1BF8A3B0CEECEC731782D406DF06100030871265A3E4D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.9s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCookies\SR7E7PY7.txt
         -0.9s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\UJR1MWO6\82[1].htm
         -0.2s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\6BHYQTK2\FRST64[1].exe
          0.0s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\UJR1MWO6\FRST64[1].exe
          0.0s C:\Users\Roxy\Desktop\FRST64.exe
          4.9s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\EPMENI0A\up64[2]
         19.0s C:\Users\Roxy\Desktop\Fixlog.txt
         20.9s C:\Windows\Prefetch\REG.EXE-6A8B6960.pf

   C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\cookies.sqlite-shm
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 0.2 days (2016-10-15 08:37:59)
      Entropy  . . . . . : 4.9
      SHA-256  . . . . . : 49B757B8EFD0EC90B5A9B872E073EBCB037B1F76E70C924953E7977C2CABCDF0
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : ApiSet Stub DLL
      Version  . . . . . : 6.3.9600.16384
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 48.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file name extension of this program is not common.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Forensic Cluster
          0.0s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\cookies.sqlite-wal
          0.0s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\cookies.sqlite-shm
          0.9s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\webappsstore.sqlite-wal
          0.9s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\webappsstore.sqlite-shm
          6.8s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\healthreport.sqlite-wal
          6.8s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\healthreport.sqlite-shm

   C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\webappsstore.sqlite-shm
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 0.2 days (2016-10-15 08:37:59)
      Entropy  . . . . . : 4.5
      SHA-256  . . . . . : AAF7C5FDB6B76ED7877558F67572169F99B2644AB593D93E0C683C5EF08ED445
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : ApiSet Stub DLL
      Version  . . . . . : 6.3.9600.16384
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 48.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file name extension of this program is not common.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Forensic Cluster
         -0.9s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\cookies.sqlite-wal
         -0.9s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\cookies.sqlite-shm
          0.0s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\webappsstore.sqlite-wal
          0.0s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\webappsstore.sqlite-shm
          5.9s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\healthreport.sqlite-wal
          5.9s C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\healthreport.sqlite-shm

   C:\Users\Roxy\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.407.424 bytes
      Age  . . . . . . . : 6.1 days (2016-10-09 10:07:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7891815E879413A0E959DA312EA88A971AD0C806E134732C5C5C2C57C2D6D3D2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Roxy\Desktop\FRST64.exe
      Size . . . . . . . : 2.406.912 bytes
      Age  . . . . . . . : 0.1 days (2016-10-15 10:46:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3C716312A30061CB8B1BF8A3B0CEECEC731782D406DF06100030871265A3E4D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.9s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCookies\SR7E7PY7.txt
         -0.9s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\UJR1MWO6\82[1].htm
         -0.2s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\6BHYQTK2\FRST64[1].exe
          0.0s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\UJR1MWO6\FRST64[1].exe
          0.0s C:\Users\Roxy\Desktop\FRST64.exe
          4.9s C:\Users\Roxy\AppData\Local\Microsoft\Windows\INetCache\IE\EPMENI0A\up64[2]
         19.0s C:\Users\Roxy\Desktop\Fixlog.txt
         20.9s C:\Windows\Prefetch\REG.EXE-6A8B6960.pf

Addition
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 13-10-2016
durchgeführt von Roxy (15-10-2016 13:29:42)
Gestartet von C:\Users\Roxy\Desktop
Windows 8.1 (Update) (X64) (2014-10-18 02:19:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1070502710-3685973896-1333799553-500 - Administrator - Disabled)
Gast (S-1-5-21-1070502710-3685973896-1333799553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1070502710-3685973896-1333799553-1003 - Limited - Enabled)
Roxy (S-1-5-21-1070502710-3685973896-1333799553-1001 - Administrator - Enabled) => C:\Users\Roxy

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.02.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.22.54 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1 - Genesys Logic)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 de)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{FD1F398D-BD56-43E6-8E58-707857AC9A8C}) (Version:  - Microsoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0692C379-F47D-4B8A-803F-21AA3547BCD1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1449BDB3-BFEB-4269-95FE-B2221D1CAE32} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {1BDD1304-A5D0-49B6-AC76-9ECBABCEE7C5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {1EA3EFD4-E3E4-460C-93E4-BCD43CA078F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {35276026-680D-49BF-94B1-91098B6A18F2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-10-20] (Acer)
Task: {5AFF5723-57A8-447B-8656-E823AB4AE77F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6324612D-0EBE-4267-8926-62F4C7224B57} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6DD03667-4424-4D20-89CA-296485F9DFB3} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {7E801D45-EFE3-43EA-85FE-D0B74C1A914D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {90D13726-8046-4D26-BFAE-E5AA13D112F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {947737E2-3C56-4848-9F3F-9AD62866346C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-10-12] (Microsoft Corporation)
Task: {9E6AA8C1-5B95-49E3-89CD-A50F9A3B1280} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {A32B245C-FEC7-4384-8DB3-D6E40B69635C} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {B7A6152F-B8A2-4387-B50E-4EE471DDB453} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-13] (Dropbox, Inc.)
Task: {BDD7E3DA-F247-47E7-801E-AE69337BBED2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BFB4F2D7-7222-436E-B11F-5DE8E33A0A26} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {EA3F60A6-5B32-4A75-86CE-D56BDC807B51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-08-10 02:40 - 2014-03-24 14:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-10 03:06 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-10-15 10:33 - 2016-09-22 03:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-15 10:33 - 2016-09-22 03:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-15 10:33 - 2016-09-22 03:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-15 10:33 - 2016-09-22 03:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-10-15 10:33 - 2016-09-22 03:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-10-15 10:33 - 2016-09-22 03:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-10-15 10:33 - 2016-09-22 03:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-10-15 10:33 - 2016-09-22 03:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-15 10:33 - 2016-09-22 03:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-15 10:33 - 2016-09-22 03:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-15 10:32 - 2016-10-10 20:35 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-15 10:33 - 2016-09-22 03:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-10-15 10:33 - 2016-09-22 03:46 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-15 10:33 - 2016-09-22 03:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-15 10:33 - 2016-10-10 20:35 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-15 10:33 - 2016-10-10 20:35 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-10-15 10:33 - 2016-09-22 03:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-15 10:33 - 2016-09-22 03:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-15 10:33 - 2016-09-22 03:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-10-15 10:33 - 2016-09-22 03:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-10-15 10:33 - 2016-10-10 20:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2014-08-10 02:42 - 2013-12-10 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\1001movie.com -> 1001movie.com

Da befinden sich 6088 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roxy\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{262A5919-E5B1-439A-AE72-E366750707DE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8DB348F3-0F77-40F7-831C-DD9B40C8A373}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{176DC937-4EA3-4B99-B17F-DA742CDCD1D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F36F0F28-E934-4DF0-A51E-01E2DB22A1B5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{581A077E-73E5-4466-92EF-7D6359AF57A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6A597CE8-A790-4257-8273-A04AC4420219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A2EFA8C6-C694-473E-9491-B44DE5213B23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F9A8ECB-B678-4362-B3F9-717EBA6B7DC5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4D4CA22B-D9EA-44CE-B80D-43CD79E67EA8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E2713E33-268C-4151-AF82-ADA9D351C250}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C6A8F975-0FBC-4384-9746-AA04805A34DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1FC16DB7-9DE2-4A55-A774-FCBCBF5704EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{03ACCB66-0763-48CE-A62D-7DBF4673236B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{38BA2756-3C73-4E7B-8702-9492CA1B905A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CC6EDDED-6751-4E7D-912F-15E681E00D3C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{5B90DBDF-079A-4EE7-9080-6A0024F814F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4047CBF4-0461-4A19-B7B9-473E83324E13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B52D4761-364E-4432-9803-23A31E5EAD89}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5C1804D8-B391-4913-858F-D818370EE067}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B26C685E-76CC-40F4-888B-9FFA00923F7E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DD9252DB-BFBB-41F0-9835-BF47EF84DA48}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2761BEA5-C893-4C48-A003-80F228D10F87}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{D8345E48-337D-4292-BEC6-9C72BF4B97A4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{298FC49D-C29F-4FC0-8278-DC405A132B06}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{15B4884B-2726-4031-A46A-4C973D18BAA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{273CCA38-DE11-44B5-B287-03976E2772D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5D1EEA64-0A66-4046-9689-D69E3527F967}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D82516AC-9A85-4C3D-97E9-8503946E2199}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{22D36947-5429-4B34-86CB-2BCD9B2BAD97}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CCBB9D5F-559F-4959-A93B-922824D415AA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{94520434-6D52-4E3C-BD89-A2078A0E7B13}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{58904A97-66B9-47EE-8842-41B3E66B2176}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B381C194-2EEC-4716-8517-7219857290CA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{32A24B8F-FD29-40E1-986A-76BBCCCA2152}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{33CCFA5E-C9DF-49A2-9BBD-C7723BFA64BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{98980662-79D5-4529-A44C-070FD6916C1F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8E99541D-5854-4A9C-95FF-5DCFFF22ABFE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{EBC3588A-E803-407A-BFFD-6DE4968259FB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{963DD381-8C9B-4D5C-A1DB-35AF7A07DCE0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{F0710F71-DD80-4EA0-8C0F-093B1EA961CF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{69633FC3-4210-4572-88C7-E0EBBBC80097}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52F2B8C8-7852-4B5D-8C48-39F26B15043B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B800E3D0-681D-467C-948A-EC7D37711F0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{322E9C96-5D7F-4AF4-8715-D3FA53F06886}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5EC85835-2CD9-4D65-85FB-706790E77CA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8358D37E-06DB-4062-8E52-B1A4C073A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{42CA62FC-AD76-4B10-A5D7-24AE7E1D00C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{FF455CA0-3F78-4F4E-9BFA-19A1E3FAC727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{51607E45-6433-4067-8288-13519718F3A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{88C317C8-A00B-4670-B5A2-8FC40AA09BCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB264847-8CB5-4B76-A24B-5B544ED373D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAFF0F56-590D-4E6D-908B-954003B994AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{17A23AC7-B83F-411B-8CCA-6580D17930A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{938818FC-757D-49D0-8714-6E0BE1581E4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BD65EC9-FEEA-459C-947D-13E61F014592}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{81D11DDC-BE74-4E71-ABFC-EEBFDCFD8D74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37970989-CF7B-48AC-93F5-F2E2C8D68D0F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4EA1A20F-A346-4DC9-9E0A-CCB75328070E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{695CDC50-67C1-45EB-B2B4-F36B2D50257F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1C2A9B3F-4859-4277-A686-C117513433D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C4EE6440-1ACD-4CB6-AE53-5AEEF1D27F40}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C52B29D9-8A9E-4985-A9B9-ED8B3535C2FD}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{887147C1-85E2-481F-B92B-8DA23D41CBE4}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\KMSpico\cert\debitis.exe
FirewallRules: [{C46E1036-DE01-4FA9-9A4D-E41273BFE964}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A607DA1E-9D91-4877-ADC1-71A2C13DA59F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5CC78DF6-495F-4EF6-94F3-1CE2602BF82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E95CA1A3-AE2F-4099-918D-C06A01FEED17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EAD0EA01-3702-4435-ACB4-ED321DA2363F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A2F47C1E-B27C-4962-84FD-65459DEF816B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EDD4331B-ADA4-4E12-9E4B-DAAA49ED8C91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6399CDA0-C791-4570-9A6D-4688A518DE6D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{51E2B8CA-81B4-4F4F-AF44-0AAA8A97708E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A662479-EBE1-458F-9317-A7194F7E590F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0367D0EA-8AD5-4078-B43A-7D93278AB631}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16A9C186-7686-4359-A6CF-CB57FFF3AD11}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{108787A8-2FF8-4559-B339-5A59DE99A96C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D951D056-3A3C-4987-A28C-85B7D049240D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E3E2D011-FD44-4DDF-A350-9D880D84C349}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85B4DF10-F55C-4B7A-AA99-D7AC157DBFA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{886233B0-E99A-4CFD-B81D-A7B19ED86D03}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{FA3C1BE3-B4D2-491F-B60D-AACE0FE49E47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51BBA38A-37BB-4815-837A-ABADFF96A093}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C7DFB03-8832-4472-8637-57C2CB483590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F182CA9-3870-47DB-A618-24313042D505}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3BF35386-4C19-4931-BCF8-A6B9033206D1}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{12E124B5-BE0D-4BCE-A8EC-D06B232D75BF}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3D56511A-995C-46D1-8F0A-FD979942C289}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C63CE034-8D28-4797-9996-90461D7CCB2C}C:\users\roxy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roxy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A63D8471-0E2F-4102-A68F-7E256BB86DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{97A0D091-A12B-4A56-91FE-C53ED0879A9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{044382D6-D437-4EDA-B39B-7BACC2659802}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B39E7A3A-DFC3-436F-8637-26E37DC21D45}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{53941CC1-1715-4A90-981E-FDADC0F4D6C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D4E632F-0623-4421-9DA7-7F9BA6D5EA9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70E42BA7-7F72-4DFB-9B80-3CBA313916A7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0B7FCD43-62CA-498A-872D-3637693BB89C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{00CF513D-1CFE-4400-9EE4-929C403D2C79}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59C13D73-D934-49BB-A0BF-3F9AF376DC05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A1C4746C-05E8-4B79-A532-530ED2F56F16}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{C6687C5B-C00C-4269-B377-DE8DF59EF106}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS13D2\HPDiagnosticCoreUI.exe
FirewallRules: [{D5DDFAAE-A217-40BB-AF64-320243A85828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB768125-0ED7-4818-A61D-DD5DF6CF681C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC3B5FC8-4E5F-416A-8406-661B1F8C4511}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1615A1CF-F2BA-490D-8A01-ADBB4C48B527}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2E297C8-D7F8-4288-99D9-0A581D4EBFC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B312E4CE-E931-4D20-8234-1F589D5A8FA2}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{72F52E84-1FDF-4816-AB37-464EDFD13ABA}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS05B0\HPDiagnosticCoreUI.exe
FirewallRules: [{6AA45DCF-355E-42EA-85A9-296F2DA71D47}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{F023493D-EC6E-41E4-9230-95BED396B879}] => (Allow) C:\Users\Roxy\AppData\Local\Temp\7zS0695\HPDiagnosticCoreUI.exe
FirewallRules: [{FB7DE622-AC60-4A54-B0C1-BBD59BF6B49A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

04-10-2016 15:55:54 Geplanter Prüfpunkt
09-10-2016 17:57:01 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/15/2016 01:29:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (10/15/2016 01:10:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x19a4
Startzeit der fehlerhaften Anwendung: 0x01d226d4b29e9854
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: f88e21a3-92c7-11e6-82cc-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/15/2016 01:10:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (10/15/2016 12:58:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (10/15/2016 12:57:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (10/15/2016 12:57:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (10/15/2016 12:10:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0xfbc
Startzeit der fehlerhaften Anwendung: 0x01d226cc504d2c1c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 92fa1d39-92bf-11e6-82cc-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/15/2016 12:10:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (10/15/2016 11:10:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0xd90
Startzeit der fehlerhaften Anwendung: 0x01d226c3edf326dc
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 42b994c6-92b7-11e6-82cc-c45444b9ba5e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/15/2016 11:10:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei updater.Report.AddFPToResult(updater.Result)
  bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
  bei updater.DownloadMgr.DownloadFile(System.String, System.String)
  bei updater.DownloadMgr.Worker(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()


Systemfehler:
=============
Error: (10/15/2016 11:02:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (10/15/2016 11:02:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Roxy\AppData\Local\Temp\ehdrv.sys

Error: (10/15/2016 11:02:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (10/15/2016 11:02:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Roxy\AppData\Local\Temp\ehdrv.sys

Error: (10/15/2016 11:02:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (10/15/2016 11:02:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Roxy\AppData\Local\Temp\ehdrv.sys

Error: (10/15/2016 10:46:59 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (10/15/2016 10:46:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/15/2016 10:46:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/15/2016 10:46:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2014-11-21 20:03:52.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 20:03:52.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:45.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-21 12:12:44.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8115.27 MB
Verfügbarer physikalischer RAM: 5572.07 MB
Summe virtueller Speicher: 9395.27 MB
Verfügbarer virtueller Speicher: 6411.22 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:913.91 GB) (Free:749.55 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A086831E)

Partition: GPT.

==================== Ende von Addition.txt ============================
FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
durchgeführt von Roxy (Administrator) auf ROXYSPC (15-10-2016 13:28:57)
Gestartet von C:\Users\Roxy\Desktop
Geladene Profile: Roxy (Verfügbare Profile: Roxy)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917584 2016-10-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify Web Helper] => C:\Users\Roxy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-25] (Spotify Ltd)
HKU\S-1-5-21-1070502710-3685973896-1333799553-1001\...\Run: [Spotify] => C:\Users\Roxy\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-25] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll [2014-10-20] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
Startup: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2016-10-15]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78E2F4C8-CE86-4774-A03A-38E6EDA6EAB1}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default [2016-10-15]
FF Extension: (download addon) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{9b47e9a8-33da-4702-afb4-0629faf221a1}.xpi [2016-05-20] [ist nicht signiert]
FF Extension: (MPEG4 Notifier Pro) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{b2d8897b-71d4-4297-8a2a-4623c6685124}.xpi [2015-12-27] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Roxy\AppData\Roaming\Mozilla\Firefox\Profiles\37u48bk9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1086040 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [475232 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [475232 2016-10-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1489240 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [149832 2016-10-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-28] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-20] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-15 13:28 - 2016-10-15 13:29 - 00021884 _____ C:\Users\Roxy\Desktop\FRST.txt
2016-10-15 13:14 - 2016-10-15 13:26 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-15 12:58 - 2016-10-15 12:58 - 11579432 _____ (SurfRight B.V.) C:\Users\Roxy\Desktop\HitmanPro_x64.exe
2016-10-15 11:01 - 2016-10-15 11:01 - 00000000 ____D C:\Program Files (x86)\ESET
2016-10-15 11:00 - 2016-10-15 11:00 - 02870984 _____ (ESET) C:\Users\Roxy\Desktop\esetsmartinstaller_deu.exe
2016-10-15 10:46 - 2016-10-15 10:46 - 00001011 _____ C:\Users\Roxy\Desktop\Fixlog.txt
2016-10-15 10:34 - 2016-10-15 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-12 07:50 - 2016-10-12 07:49 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-10-11 23:38 - 2016-10-01 02:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 23:38 - 2016-09-30 09:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 23:38 - 2016-09-30 08:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 23:38 - 2016-09-30 08:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 23:38 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-11 23:38 - 2016-09-30 07:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 23:38 - 2016-09-30 07:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 23:38 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-11 23:38 - 2016-09-30 07:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 23:38 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-11 23:38 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-11 23:38 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-11 23:38 - 2016-09-17 19:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 23:38 - 2016-09-09 16:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 23:38 - 2016-09-08 16:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 23:38 - 2016-09-08 16:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 23:38 - 2016-09-08 00:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 23:38 - 2016-09-07 23:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 23:38 - 2016-09-07 23:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 23:38 - 2016-08-31 19:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 23:38 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-10-11 23:38 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-10-11 23:38 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 23:38 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 23:38 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-10-11 23:38 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-10-11 23:38 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-10-11 23:38 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-10-11 23:38 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-10-11 23:38 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-10-11 23:37 - 2016-09-30 08:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 23:37 - 2016-09-30 08:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 23:37 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-11 23:37 - 2016-09-30 07:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 23:37 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-11 23:37 - 2016-09-30 07:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 23:37 - 2016-09-30 07:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 23:37 - 2016-09-30 07:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 23:37 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-11 23:37 - 2016-09-30 07:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 23:37 - 2016-09-30 07:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 23:37 - 2016-09-30 07:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-11 23:37 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-11 23:37 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-11 23:37 - 2016-09-30 06:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 23:37 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-11 23:37 - 2016-09-17 20:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 23:37 - 2016-09-17 19:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 23:37 - 2016-09-17 19:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 23:37 - 2016-09-17 19:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 23:37 - 2016-09-14 03:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 23:37 - 2016-09-14 03:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-11 23:37 - 2016-09-14 03:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 23:37 - 2016-09-14 03:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-11 23:37 - 2016-09-13 00:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-11 23:37 - 2016-09-12 23:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-11 23:37 - 2016-09-08 22:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-11 23:37 - 2016-09-07 23:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-11 23:37 - 2016-09-07 23:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-11 23:37 - 2016-08-31 18:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 23:37 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 23:37 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-10-11 23:37 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-10-11 23:37 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-10-11 23:37 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-10-11 23:37 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 23:37 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-10-11 23:37 - 2016-08-11 20:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-10-11 23:37 - 2016-08-11 20:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-10-11 23:37 - 2016-08-11 20:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-10-11 23:37 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-10-11 23:37 - 2016-08-11 15:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
2016-10-11 23:37 - 2016-08-11 07:46 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-10-11 23:37 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-10-11 23:37 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-10-11 23:37 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-10-11 23:37 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-10-11 23:37 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-10-11 23:37 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-10-11 23:35 - 2016-09-13 01:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 23:35 - 2016-09-09 15:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 23:35 - 2016-09-09 15:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 23:35 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 23:35 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 23:35 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2016-10-11 23:35 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-11 23:35 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 23:35 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2016-10-11 23:35 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-10-11 23:35 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-10-11 23:35 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-10-11 23:35 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-10-11 23:35 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 23:35 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-10 09:18 - 2016-10-10 09:18 - 00165376 _____ C:\Users\Roxy\Desktop\SystemLook_x64.exe
2016-10-10 08:10 - 2016-10-15 10:46 - 00000000 ____D C:\Users\Roxy\Desktop\FRST-OlderVersion
2016-10-09 17:55 - 2016-10-09 17:55 - 01631928 _____ (Malwarebytes) C:\Users\Roxy\Desktop\JRT.exe
2016-10-09 14:56 - 2016-10-09 18:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-09 14:56 - 2016-10-09 14:56 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-09 14:56 - 2016-10-09 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-09 14:56 - 2016-10-09 14:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-09 14:56 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-09 14:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-09 14:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-09 14:54 - 2016-10-09 14:55 - 22851472 _____ (Malwarebytes ) C:\Users\Roxy\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-09 14:46 - 2016-10-09 14:50 - 00000000 ____D C:\AdwCleaner
2016-10-09 14:45 - 2016-10-09 14:46 - 00000000 ____D C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe
2016-10-09 14:45 - 2016-10-09 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-09 14:45 - 2016-10-09 14:45 - 00000000 ____D C:\Program Files\7-Zip
2016-10-09 14:41 - 2016-10-09 14:41 - 03874368 _____ C:\Users\Roxy\Desktop\AdwCleaner_6.021.exe.part
2016-10-09 10:08 - 2016-10-15 13:28 - 00000000 ____D C:\FRST
2016-10-09 10:07 - 2016-10-15 10:46 - 02406912 _____ (Farbar) C:\Users\Roxy\Desktop\FRST64.exe
2016-10-04 18:18 - 2016-10-04 18:18 - 01764426 _____ C:\Users\Roxy\Documents\Timos Praktikumsbescheinigungen.pdf
2016-09-24 18:42 - 2016-09-24 18:42 - 00001118 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-15 13:10 - 2014-10-18 05:18 - 00000000 ____D C:\Users\Roxy\AppData\Local\CrashDumps
2016-10-15 12:43 - 2016-06-13 21:38 - 00001226 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-15 12:38 - 2014-10-19 12:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-15 11:00 - 2014-12-08 22:42 - 01022976 ___SH C:\Users\Roxy\Downloads\Thumbs.db
2016-10-15 10:58 - 2014-08-10 12:04 - 00765582 _____ C:\Windows\system32\perfh007.dat
2016-10-15 10:58 - 2014-08-10 12:04 - 00159366 _____ C:\Windows\system32\perfc007.dat
2016-10-15 10:58 - 2014-03-18 12:03 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-15 10:58 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-10-15 10:55 - 2016-06-13 21:38 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-15 10:55 - 2014-10-23 20:40 - 00000000 ____D C:\Users\Roxy\OneDrive
2016-10-15 10:53 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-15 10:53 - 2014-11-14 11:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-15 10:53 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-15 10:53 - 2013-08-22 16:44 - 00492368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-15 10:51 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-15 10:48 - 2015-04-16 00:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-15 10:48 - 2015-03-13 14:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-15 10:48 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-10-15 10:40 - 2014-10-18 04:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070502710-3685973896-1333799553-1001
2016-10-15 10:34 - 2016-06-13 21:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-12 10:16 - 2014-10-18 04:20 - 00000000 ____D C:\Users\Roxy\AppData\Local\Packages
2016-10-12 09:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-10-12 08:27 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Local\Spotify
2016-10-12 08:24 - 2014-10-20 17:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-10-12 08:24 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-10-12 08:23 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini
2016-10-12 08:22 - 2015-03-12 17:02 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 08:22 - 2014-10-23 19:32 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 08:21 - 2014-10-18 14:22 - 00000000 ____D C:\Users\Roxy\AppData\Roaming\Spotify
2016-10-12 08:19 - 2014-10-23 19:32 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-12 08:18 - 2014-11-14 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 07:51 - 2016-05-28 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-12 07:49 - 2014-11-21 21:14 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-10-12 07:49 - 2014-11-21 21:14 - 00149832 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-10-11 23:38 - 2014-10-19 12:42 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 23:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-10 09:15 - 2014-11-03 01:30 - 00050176 ___SH C:\Users\Roxy\Desktop\Thumbs.db
2016-10-09 09:57 - 2014-10-18 04:19 - 00000000 ____D C:\Users\Roxy
2016-10-04 15:46 - 2016-06-13 21:38 - 00000000 ____D C:\Users\Roxy\AppData\Local\Dropbox
2016-10-01 02:15 - 2014-10-23 19:13 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-01 02:15 - 2014-10-23 19:13 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-26 13:09 - 2014-03-18 11:45 - 00000000 ____D C:\Windows\ShellNew
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-26 13:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-24 18:42 - 2016-01-15 19:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-24 17:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-03 01:05 - 2014-11-03 01:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-10 02:38 - 2014-08-10 02:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roxy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-10-09 10:23

==================== Ende von FRST.txt ============================

M-K-D-B 15.10.2016 13:04
Servus,


wir haben etwas Adware entfernt.


hast du noch Probleme?

fixnroxy 15.10.2016 14:29
Nein, momenan scheint alles in Ordnung zu sein :dankeschoen:

M-K-D-B 15.10.2016 15:29
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.




http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.








Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
http://filepony.de/icon/adblock_firefox.pngAdblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
http://filepony.de/icon/noscript.png NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

fixnroxy 16.10.2016 07:51
Alles erledigt, vielen Dank und noch einen schönen Sonntag :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:41 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131