Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Firefox helper2 - adware keeps coming back [Closed]

Started by Mairuu , Apr 16 2016 04:02 AM

helper2 adware

This topic is locked

#1
Mairuu

Posted 16 April 2016 - 04:02 AM

New Member

Member
3 posts

Hello,

I have an adware that keeps coming back. I believe it may be the same as http://www.geekstogo...ps-coming-back/. May I also get help with that? I am posting the two scan logs below

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
durchgeführt von Philipp (Administrator) auf R116020 (16-04-2016 11:40:41)
Gestartet von C:\Users\Philipp\Desktop
Geladene Profile: Philipp (Verfügbare Profile: Philipp & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Spotify Ltd) C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-02-21] ()
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-20] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2337144 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [262464 2015-10-01] (SecureW2 B.V.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Run: [Dropbox Update] => C:\Users\Philipp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Run: [Spotify Web Helper] => C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-15] (Spotify Ltd)
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\RunOnce: [Uninstall C:\Users\Philipp\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philipp\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\RunOnce: [Uninstall C:\Users\Philipp\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philipp\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-19] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Keine Datei
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2013 Screen Clipper and Launcher.lnk [2015-07-30]
ShortcutTarget: OneNote 2013 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{48ff8b8a-033a-456a-a661-f041a71c579a}: [NameServer] 10.169.30.244 10.170.30.245
Tcpip\..\Interfaces\{b7b7678c-906e-4e87-8c96-40e82814a35d}: [DhcpNameServer] 213.160.212.3 213.160.223.35
Tcpip\..\Interfaces\{c8642d60-fe64-452b-8393-da6134916b2e}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-984584555-1158884173-326051070-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-984584555-1158884173-326051070-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-984584555-1158884173-326051070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-984584555-1158884173-326051070-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-984584555-1158884173-326051070-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-06-23] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-19] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-06-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-06-23] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2012-11-22] (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-19] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-06-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} hxxps://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\3u7194mn.default-1397408749253
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-08-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-984584555-1158884173-326051070-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-984584555-1158884173-326051070-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Philipp\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-02-12] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-984584555-1158884173-326051070-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Extension: OLB - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\3u7194mn.default-1397408749253\extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2016-03-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR HKU\S-1-5-21-984584555-1158884173-326051070-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Philipp\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-02-21]
CHR HKU\S-1-5-21-984584555-1158884173-326051070-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-19] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-05] (Overwolf LTD)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [108352 2015-10-01] (SecureW2 B.V.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [Datei ist nicht signiert]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-19] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4323976 2016-04-15] (Qualcomm Atheros Communications, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-15] (REALiX™)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2016-04-15] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-10-22] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [247464 2016-04-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [247464 2016-04-11] (Zemana Ltd.)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-16 11:40 - 2016-04-16 11:41 - 00031839 _____ C:\Users\Philipp\Desktop\FRST.txt
2016-04-16 11:40 - 2016-04-16 11:40 - 00000000 ____D C:\FRST
2016-04-16 11:38 - 2016-04-16 11:39 - 02375168 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2016-04-15 21:06 - 2016-04-15 21:07 - 03670016 _____ C:\Users\Philipp\Downloads\adwcleaner5111 (2).exe
2016-04-15 21:06 - 2016-04-15 21:06 - 03670016 _____ C:\Users\Philipp\Downloads\adwcleaner5111 (1).exe
2016-04-15 21:05 - 2016-04-15 21:05 - 03670016 _____ C:\Users\Philipp\Downloads\adwcleaner5111.exe
2016-04-15 20:40 - 2016-04-15 20:40 - 04323976 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-04-15 20:40 - 2016-04-15 20:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-04-15 20:39 - 2016-04-15 20:39 - 00185600 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2016-04-15 20:36 - 2016-04-15 20:36 - 00000000 ____D C:\ProgramData\ProductData
2016-04-15 20:35 - 2016-04-16 10:05 - 00003018 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Philipp)
2016-04-15 20:35 - 2016-04-15 20:47 - 00002241 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-04-15 20:35 - 2016-04-15 20:36 - 00000000 ____D C:\Users\Philipp\AppData\LocalLow\IObit
2016-04-15 20:35 - 2016-04-15 20:35 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-15 20:35 - 2016-04-15 20:35 - 00003370 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-04-15 20:35 - 2016-04-15 20:35 - 00000000 ____D C:\WINDOWS\IObit
2016-04-15 20:35 - 2016-04-15 20:35 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\IObit
2016-04-15 20:35 - 2016-04-15 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-04-15 20:35 - 2016-04-15 20:35 - 00000000 ____D C:\ProgramData\IObit
2016-04-15 20:35 - 2016-04-15 20:35 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-15 20:33 - 2016-04-15 20:33 - 03840080 _____ (AVAST Software) C:\Users\Philipp\Downloads\avast-browse104-cleanup-sfx (2).exe
2016-04-15 20:33 - 2016-04-15 20:33 - 03840080 _____ (AVAST Software) C:\Users\Philipp\Downloads\avast-browse104-cleanup-sfx (1).exe
2016-04-15 20:32 - 2016-04-15 20:33 - 03840080 _____ (AVAST Software) C:\Users\Philipp\Downloads\avast-browse104-cleanup-sfx.exe
2016-04-14 16:14 - 2016-04-14 16:14 - 00084505 _____ C:\Users\Philipp\Downloads\Protokoll_04.09.2007.pdf
2016-04-13 19:25 - 2016-04-13 19:25 - 00544338 _____ C:\Users\Philipp\Documents\.RData
2016-04-13 10:34 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 10:34 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:34 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 10:34 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 10:34 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 10:34 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 10:34 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 10:34 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 10:34 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 10:34 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 10:34 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 10:34 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 10:34 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 10:34 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 10:34 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 10:34 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 10:34 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 10:34 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 10:34 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 10:34 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 10:34 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 10:34 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 10:34 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 10:34 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 10:33 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 10:33 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 10:33 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 10:33 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 10:33 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 10:33 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 10:33 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 10:33 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 10:33 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 10:33 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 10:33 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 10:33 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 10:33 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 10:33 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 10:33 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 10:33 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 10:33 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 10:33 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 10:33 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 10:33 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 10:33 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 10:33 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 10:33 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 10:33 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 10:33 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 10:33 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 10:33 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 10:33 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 10:33 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 10:33 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 10:33 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 10:33 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 10:33 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 10:33 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 10:33 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 10:33 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 10:33 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 10:33 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 10:33 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 10:33 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 10:33 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 10:33 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 10:33 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 10:33 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 10:33 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 10:33 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 10:33 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 10:33 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 10:33 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 10:33 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 10:33 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 10:33 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 10:33 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 10:33 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 10:33 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 10:33 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 10:33 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 10:33 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 10:33 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 10:33 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 10:33 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 10:33 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 10:33 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 10:33 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 10:33 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 10:33 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 10:33 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 10:33 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 10:33 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 10:33 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 10:33 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 10:33 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 10:33 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 10:33 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 10:33 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 10:33 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 10:33 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 10:33 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 10:33 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 10:33 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 10:33 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 10:33 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 10:33 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 10:33 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 10:33 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 10:33 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 10:33 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 10:33 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 10:33 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 10:33 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 10:33 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 10:33 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 10:33 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 10:33 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 10:33 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 10:33 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 10:33 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 10:33 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 10:33 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 10:33 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 10:33 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 10:33 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 10:33 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 10:33 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 10:33 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 10:33 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 10:33 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 10:33 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 10:33 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 10:33 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 10:33 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 10:33 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 10:33 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 10:33 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 10:33 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 10:33 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 10:33 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 10:33 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 10:33 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 10:33 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 10:33 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 10:33 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 10:33 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 10:33 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:33 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 10:33 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 10:33 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 10:33 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 10:33 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 10:33 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 10:33 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 10:33 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 10:33 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 10:33 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:33 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 10:33 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 10:33 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 10:33 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 10:33 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 10:33 - 2016-03-29 09:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 10:33 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 10:33 - 2016-03-29 09:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 10:33 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 10:33 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 10:33 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 10:33 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 10:33 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 10:33 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 10:33 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 10:33 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 10:33 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 10:33 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 10:33 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 10:33 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 10:33 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 10:33 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 10:33 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 10:33 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 10:33 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 10:33 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 10:33 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 10:33 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 10:33 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 10:33 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 10:33 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 10:33 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 10:33 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 10:33 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 10:33 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 10:33 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 10:33 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 10:33 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 10:33 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 10:33 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 10:33 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 10:33 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 10:33 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 10:33 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 10:33 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 10:33 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 10:33 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 10:33 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 10:33 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 10:33 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 10:33 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 10:33 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 10:33 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 10:33 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 10:33 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 10:33 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:33 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 10:33 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 10:33 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 10:33 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:33 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 10:33 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 10:33 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 10:33 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 10:33 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 10:33 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 10:33 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 10:33 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 10:33 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 10:33 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 10:33 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 10:33 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 10:33 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 10:33 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 10:33 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 10:33 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 10:33 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 10:33 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 10:33 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 10:33 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 10:33 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 10:33 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 10:33 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 10:33 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 10:33 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 10:33 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 10:33 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 10:33 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 10:33 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 10:33 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 10:33 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 10:33 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 10:33 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 10:33 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 10:33 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 10:33 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 10:33 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 10:33 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 10:33 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 10:33 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 10:33 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 10:33 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 10:33 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 10:33 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 10:33 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 10:33 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 10:33 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 10:33 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 10:33 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 10:33 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 10:33 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 10:33 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 10:33 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 10:33 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 10:33 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 10:33 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 10:33 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 10:33 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 10:33 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 10:33 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 10:33 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 10:33 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 10:33 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-11 09:41 - 2016-04-11 09:41 - 00247464 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-04-11 09:41 - 2016-04-11 09:41 - 00001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-04-11 09:41 - 2016-04-11 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-11 09:40 - 2016-04-11 09:41 - 05252032 _____ ( ) C:\Users\Philipp\Downloads\Zemana.AntiMalware.Setup (1).exe
2016-04-05 17:07 - 2016-04-06 09:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-04 16:03 - 2016-04-04 16:03 - 00019600 _____ C:\Users\Philipp\Downloads\modifizierte-bayrische-Formel (2).xlsx
2016-04-04 15:57 - 2016-04-04 15:57 - 00019600 _____ C:\Users\Philipp\Downloads\modifizierte-bayrische-Formel (1).xlsx
2016-04-04 14:50 - 2016-04-04 14:50 - 00019600 _____ C:\Users\Philipp\Downloads\modifizierte-bayrische-Formel.xlsx
2016-04-01 11:48 - 2016-04-01 11:48 - 01011998 _____ C:\Users\Philipp\Downloads\images (2).pdf
2016-04-01 11:47 - 2016-04-01 11:47 - 01263633 _____ C:\Users\Philipp\Downloads\images (1).pdf
2016-04-01 11:33 - 2016-04-01 11:34 - 00000000 ____D C:\Users\Philipp\Documents\PWC
2016-03-31 16:09 - 2016-03-31 16:09 - 00466264 _____ C:\Users\Philipp\Downloads\Bai_et_al-2004-Econometrica.pdf
2016-03-31 13:48 - 2016-03-31 13:48 - 00057880 _____ C:\Users\Philipp\Downloads\Table_4.1_Natural_Gas_Overview.xlsx
2016-03-23 12:43 - 2016-03-23 12:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-23 12:06 - 2016-03-23 12:42 - 45498040 _____ C:\Users\Philipp\Desktop\Firefox Setup 45.0.1.exe
2016-03-23 11:36 - 2016-03-23 11:36 - 00003184 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458725782
2016-03-23 11:36 - 2016-03-23 11:36 - 00001086 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 11:36 - 2016-03-23 11:36 - 00001086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 11:36 - 2016-03-23 11:35 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-23 10:13 - 2016-04-12 16:13 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-03-23 10:13 - 2016-03-23 10:13 - 00003804 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2016-03-23 10:13 - 2016-03-23 10:13 - 00002044 _____ C:\Users\Public\Desktop\Overwolf.lnk
2016-03-23 10:13 - 2016-03-23 10:13 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2016-03-23 10:13 - 2016-03-23 10:13 - 00000000 ____D C:\ProgramData\Overwolf
2016-03-23 10:11 - 2016-04-04 14:18 - 00000000 ____D C:\Users\Philipp\AppData\Local\Overwolf
2016-03-23 10:11 - 2016-03-23 10:11 - 01704192 _____ (Overwolf) C:\Users\Philipp\Downloads\HearthArena-OverwolfInstaller.exe
2016-03-18 21:43 - 2016-04-16 10:30 - 00003422 _____ C:\WINDOWS\System32\Tasks\InternetSoft Protector Job
2016-03-17 08:50 - 2016-03-17 08:50 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-16 11:32 - 2015-11-25 09:11 - 00009476 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-04-16 11:21 - 2012-03-26 09:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-16 11:06 - 2015-06-17 04:55 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-984584555-1158884173-326051070-1001UA.job
2016-04-16 11:01 - 2015-11-25 09:11 - 00047823 _____ C:\WINDOWS\ZAM.krnl.trace
2016-04-16 10:50 - 2012-07-23 11:58 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-16 10:38 - 2012-07-19 18:35 - 00000000 ____D C:\Users\Philipp\AppData\Local\PMB Files
2016-04-16 10:11 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-16 10:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-16 10:10 - 2015-09-07 17:04 - 00000550 _____ C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job
2016-04-16 10:06 - 2015-10-23 10:27 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3A723F8-E89E-4C78-89BF-C7F24365891F}
2016-04-16 10:02 - 2015-09-13 01:19 - 00000000 __SHD C:\Users\Philipp\IntelGraphicsProfiles
2016-04-16 10:02 - 2012-07-23 11:57 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-15 21:12 - 2016-01-13 20:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-15 21:11 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-15 21:10 - 2015-02-25 14:09 - 00020085 _____ C:\Users\Philipp\Documents\.Rhistory
2016-04-15 21:10 - 2014-04-13 19:10 - 00000000 ____D C:\AdwCleaner
2016-04-15 21:10 - 2013-04-10 07:55 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\RStudio
2016-04-15 21:10 - 2013-04-10 07:54 - 00000000 ____D C:\Users\Philipp\AppData\Local\RStudio-Desktop
2016-04-15 20:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-15 20:42 - 2016-01-13 20:23 - 02087860 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 20:42 - 2015-10-30 20:35 - 00889898 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-15 20:42 - 2015-10-30 20:35 - 00197688 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-15 20:40 - 2015-03-09 09:48 - 00609992 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2016-04-15 19:06 - 2012-07-19 18:35 - 00000000 ____D C:\ProgramData\PMB Files
2016-04-14 16:36 - 2016-01-13 20:26 - 00000000 ____D C:\Users\Philipp
2016-04-14 16:36 - 2015-12-31 00:01 - 00000483 _____ C:\Users\Philipp\Desktop\To Do.txt
2016-04-14 15:04 - 2016-01-14 17:03 - 00000000 ____D C:\Users\Philipp\Documents\Reisetickets
2016-04-14 10:42 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 09:54 - 2016-01-13 20:10 - 00374992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 19:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 19:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 19:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 19:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 13:00 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 12:56 - 2013-08-02 13:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 12:51 - 2012-10-06 19:02 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 10:35 - 2015-09-13 01:18 - 00000000 ____D C:\Users\Philipp\AppData\Local\Packages
2016-04-11 09:41 - 2015-10-27 22:33 - 00247464 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-04-11 09:41 - 2015-10-27 22:33 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-07 18:45 - 2016-01-26 09:41 - 00000000 ____D C:\Users\Philipp\AppData\Local\Deployment
2016-04-07 11:53 - 2016-01-13 22:37 - 00000000 ____D C:\Users\Philipp\Documents\KfW
2016-04-07 10:50 - 2012-07-19 21:57 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Skype
2016-04-07 09:50 - 2012-03-26 08:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-07 09:50 - 2012-03-26 08:45 - 00000000 ____D C:\ProgramData\Skype
2016-04-07 08:49 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-06 20:32 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-06 09:07 - 2012-07-19 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-01 11:45 - 2016-01-19 18:47 - 00000000 ___RD C:\Users\Philipp\Documents\Scanned Documents
2016-03-31 00:13 - 2014-05-05 21:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\Battle.net
2016-03-30 23:03 - 2014-05-05 21:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-03-23 12:48 - 2016-03-01 18:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-03-23 12:44 - 2012-07-19 18:16 - 00001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-23 12:44 - 2012-07-19 18:16 - 00000997 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-23 11:35 - 2016-02-19 11:03 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 11:35 - 2016-02-19 11:03 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 10:05 - 2012-09-22 14:48 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\vlc
2016-03-23 09:36 - 2013-03-23 11:59 - 00000000 ___RD C:\Users\Philipp\Google Drive
2016-03-23 09:36 - 2012-11-15 06:59 - 00000000 ___RD C:\Users\Philipp\Dropbox
2016-03-23 09:36 - 2012-11-15 06:46 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Dropbox
2016-03-22 09:06 - 2015-06-17 04:55 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-984584555-1158884173-326051070-1001Core.job
2016-03-21 18:49 - 2016-01-14 17:02 - 00000000 ____D C:\Users\Philipp\Documents\Bewerbungen
2016-03-21 14:02 - 2016-02-19 11:04 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-19 19:38 - 2012-12-25 16:42 - 00005173 _____ C:\WINDOWS\wininit.ini
2016-03-19 19:37 - 2016-03-09 11:12 - 00000000 ____D C:\Program Files (x86)\OldFirefox
2016-03-18 21:43 - 2016-02-18 20:00 - 00000000 ____D C:\Program Files (x86)\InternetSoft Protector

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-24 08:47 - 2014-10-24 08:58 - 0000012 _____ () C:\Program Files\AvailableFeatures.ini
2014-01-09 22:17 - 2011-11-04 13:46 - 0733184 _____ (www.rene-zeidler.de) C:\Program Files\Snipping Tool Plus.exe
2013-04-05 22:03 - 2013-04-05 22:03 - 0000337 _____ () C:\Users\Philipp\AppData\Local\Perfmon.PerfmonCfg
2012-04-28 08:21 - 2012-04-28 08:24 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log
2016-01-13 20:19 - 2016-01-13 20:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-04-28 08:23 - 2012-10-30 07:37 - 0000032 _____ () C:\ProgramData\PS.log

Einige Dateien in TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\hp2_upd2_v1029.exe
C:\Users\Philipp\AppData\Local\Temp\hp_u2_1733.exe
C:\Users\Philipp\AppData\Local\Temp\hp_u_23822.exe
C:\Users\Philipp\AppData\Local\Temp\libeay32.dll
C:\Users\Philipp\AppData\Local\Temp\msvcr120.dll
C:\Users\Philipp\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-04-05 22:51

==================== Ende von FRST.txt ============================

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-04-2016
durchgeführt von Philipp (2016-04-16 11:42:30)
Gestartet von C:\Users\Philipp\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-13 19:04:53)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-984584555-1158884173-326051070-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-984584555-1158884173-326051070-503 - Limited - Disabled)
Gast (S-1-5-21-984584555-1158884173-326051070-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-984584555-1158884173-326051070-1003 - Limited - Enabled)
Philipp (S-1-5-21-984584555-1158884173-326051070-1001 - Administrator - Enabled) => C:\Users\Philipp

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Acer Instant Update Service (HKLM\...\{4E8D1AAE-509F-46DE-AAB4-CE9BCABA2D35}) (Version: 1.00.3001 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
Dropbox (HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
EViews 8 (HKLM-x32\...\InstallShield_{1D78E62C-B585-446A-8FC7-2754332C0521}) (Version: 8.00.0000 - IHS Global Inc.)
EViews 8 (x32 Version: 8.00.0000 - IHS Global Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Svenska (HKLM-x32\...\{90150000-001F-041D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 45.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x64 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 de)) (Version: 38.7.2 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.93.20.0 - Overwolf Ltd.)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.99.878 - RStudio)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
UvASecureW2 (HKLM-x32\...\SecureW2) (Version: UvASecureW2: 3.5.15.1 - University of Amsterdam)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)
Zoom (HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Philipp\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-984584555-1158884173-326051070-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00D0C302-1F9F-4A9B-95E8-A2D346C041CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {018874CE-EDDE-4D0A-9531-5870B5156950} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {01D8F085-6EB9-4B98-9BDC-20BCB2AD6FC8} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {022067D2-8661-48B5-994E-5D06A62B7C51} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-03-28] (IObit)
Task: {0577EBA1-2D27-423B-B96D-D6114EBE51F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {08BE9CE1-A50F-44B4-9154-C8CE2BA312B2} - System32\Tasks\{BD98DA74-D16C-4459-B59A-C1ABF1963DD3} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}\setup.exe" -c -runfromtemp -l0x0407
Task: {0F2E588C-D5CA-4359-87BE-CAB647C8FF6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {14757D4A-A3B6-4E4B-9A84-7B2376DF185E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1DF0C399-A9A2-4F2F-AEA4-8F3253DAC94A} - System32\Tasks\Driver Booster SkipUAC (Philipp) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-04-01] (IObit)
Task: {24C031FC-D00D-4ACF-A938-D337C9233477} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-06-23] (Microsoft Corporation)
Task: {267548CC-0EA0-4C44-AA00-28AB3C3B4754} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {28550ECE-A80F-4697-B4C7-7F0A32A14AE1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {28E091A7-0563-4AC3-99EF-7D0689323059} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2B2B4554-234E-4AC7-8C5A-847F6D18E7D7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {33571CA9-9E1B-4210-BBB9-48B39414E369} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {3C5832A9-8F6C-4C01-99DB-8325AB40D930} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4CC348C2-1331-40D8-AF96-23B60FEDC545} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4E547851-1F23-4275-96DF-7197DED8932A} - System32\Tasks\{30EFF018-75A5-44B4-96C5-898063EB116B} => pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
Task: {52205327-8911-4677-9DB5-0FF9DF0AE79A} - System32\Tasks\{6A46FA29-EBB7-4255-AED9-5D3B70452B71} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.59.104/de/abandoninstall?page=tsMain
Task: {538EAC77-A595-4476-9B2A-AF5A4A175224} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {5471406E-D5FF-4D6D-8DAC-0BC3C3BE5A7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {55E17939-B67A-4509-AA8E-52A5C4D5DE84} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5716E2FB-F236-4291-AC59-02021116F73B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {58FCDE4B-DBBA-4481-A3B1-F39405D812A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {5DA5ECA2-2472-466F-AD12-41C146A923AC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {5DFDE2A4-0C58-41A6-BB19-55224BDB46DE} - System32\Tasks\{B3F1D5E0-4BCD-40D9-8A66-403E24620894} => pcalua.exe -a C:\Users\Philipp\Downloads\Duesterburg-v1.21-Full.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60238EFE-2605-4AD3-A1DC-B21AB19C7E68} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {623832B6-1B5A-4D89-9467-140A1A97A544} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {723C31D7-ECC6-4997-84DC-44DA05334C3A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-984584555-1158884173-326051070-1001Core => C:\Users\Philipp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {73027593-FA02-4166-97E2-B1AD46550445} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7521ADA1-1B70-469F-98F5-514D6A6415C2} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-05] (Overwolf LTD)
Task: {75D39CB2-BD97-47AA-A991-506006C9DBDC} - System32\Tasks\SafeZone scheduled Autoupdate 1458725782 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {78B50F09-CD18-43EB-B5E6-A3CB8D13F0E5} - System32\Tasks\Win Cleaner => C:\Users\Philipp\AppData\Roaming\Win Cleaner\Win Cleaner.exe <==== ACHTUNG
Task: {7CF7BFFA-70B1-49A5-9F2F-796E01DE8FD3} - System32\Tasks\Anti Virus Security Uninstaller => C:\Program Files (x86)\Anti Virus Security\Anti VirusSecurity.exe [2015-10-25] (Backup Updater) <==== ACHTUNG
Task: {8B15AE7F-C114-492C-A40A-1A110D2DD839} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {8DBA6628-BD48-42BF-8FFA-FCA2A5045EF6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8FCCD5FC-865A-49C0-8A55-FF5E70DD5FA1} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {957EBEE4-ED2D-41C7-BF25-067F93C22411} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {961115B9-02EC-4EF1-BADF-C735C7F422E4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {9858A213-A75F-40A6-A77B-F13A4B8816AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {9ADAD58A-799B-4718-A076-848ABAF83664} - System32\Tasks\InternetSoft Protector Job => C:\Program Files (x86)\InternetSoft Protector\msnworker.exe [2016-04-05] () <==== ACHTUNG
Task: {9BC2A552-49CE-4E50-BD00-D0382A3835BB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {9E93B199-C01D-4D1A-BBAA-83BB713915B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-06-23] (Microsoft Corporation)
Task: {A49BB8E1-23D7-4021-BBAF-22AD7F2F3558} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AB61133F-D7B5-4CC2-A715-70342F2380C6} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {ABDB99D3-CE34-477F-A894-1E9B9E42D486} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-19] (AVAST Software)
Task: {AD09C226-691B-44D1-96BB-D45F6BC6C7EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B31728D1-C585-406C-A2A7-AD80C90CD229} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {BB48B2FE-9E2F-4BB1-B572-23E326EC0975} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {BF4376D4-37E2-48C7-A520-1B868F609CDF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-984584555-1158884173-326051070-1001UA => C:\Users\Philipp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {C22D605F-D547-4DF0-A0B7-15E1F622C68D} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {C24B60D3-6D9D-4279-B5B1-E00F033715C3} - System32\Tasks\{735D34F3-EF06-49FD-BA91-53730AB4F4FB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.59.104/de/privacy
Task: {CF755071-C4C9-4968-B9F8-69F0DBB5E40A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {D40566A2-07FD-4D32-8A4E-7AECE8FCE47C} - \Re-markit Update -> Keine Datei <==== ACHTUNG
Task: {DC486354-47CF-4052-AE80-6927A3A7FB79} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {DE8BDA79-FE56-4E1A-9245-94DDB5B3A2E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {DED57325-9BAB-422B-A528-3FC28506193A} - System32\Tasks\{9589D77C-DE3B-43DF-A9E5-4D7B0FF36A59} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?LastError=1638
Task: {e51db901-bf03-4849-90ad-ad3ebd49a441} - kein Dateipfad
Task: {ECEDCA06-4AE0-4088-877D-16891E8FD0FE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {ED2A3640-1EF3-452C-81B3-16A84A0394FC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {EF9D92F9-6EE1-46F6-863B-5EF2E1B17E00} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {EFD779FF-C69B-48AD-9A4A-53F635F4A8E6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F1CF41AC-B867-40CB-9994-D8844AF977C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {F4017108-2B3A-4E76-AAD8-635CD39591B6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {F9A9F030-7DE7-4D16-B0EA-DD80E6499A10} - System32\Tasks\{AF427D5C-9217-4980-83AC-94A4FA640ED8} => pcalua.exe -a C:\Users\Philipp\Downloads\europaeischer-zeichensatz-komplett.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FEC991B9-EDC4-4CED-A5D4-CAFB9ED93841} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-984584555-1158884173-326051070-1001Core.job => C:\Users\Philipp\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-984584555-1158884173-326051070-1001UA.job => C:\Users\Philipp\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-12-01 06:33 - 2011-10-04 23:43 - 00087552 _____ () C:\WINDOWS\System32\custmon64i.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-13 20:19 - 2015-12-16 16:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-13 10:34 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:34 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-06-23 18:19 - 2012-06-23 18:19 - 06307928 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-01-13 19:58 - 2016-01-13 19:58 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 10:33 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 10:33 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 10:33 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 10:33 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 10:33 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-02-21 00:34 - 2012-02-21 00:34 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-02-21 00:34 - 2012-02-21 00:34 - 00022632 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2016-01-22 13:39 - 2016-01-22 13:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-19 11:03 - 2016-02-19 11:03 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-19 11:03 - 2016-02-19 11:03 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-15 20:09 - 2016-04-15 20:09 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041501\algo.dll
2016-04-14 11:54 - 2016-04-14 11:54 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-03-26 08:37 - 2012-02-02 01:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-04-28 08:05 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-01-05 21:14 - 2015-12-16 18:59 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-19 11:03 - 2016-02-19 11:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-22 13:39 - 2016-01-22 13:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:39 - 2016-01-22 13:39 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\olb.de -> hxxps://www.olb.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-984584555-1158884173-326051070-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-984584555-1158884173-326051070-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{D3F94E49-554F-4C49-88D8-5BF50A0B8CDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62721436-FCC4-4504-A8DE-524F9B58DD10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{431AB459-2BFF-47D2-83E6-6379AA6D7196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{713C011C-9EA6-42A3-8C0F-819E2B277202}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B53768BF-575F-4C6E-AA72-9988FBFBBF2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B7FCE1BF-6D8B-4283-B6A8-5A090469C9F6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3CEAA77A-0772-4E06-9EBF-1288EB15CF48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{73023A80-6D7D-4FA4-B8AD-841671E0680B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F4623816-E014-454B-96FD-F833C46E78A5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33A4038D-55B1-4934-96BC-181B2C733866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{426E7A8B-AB2F-4D3C-8C61-9AF93DEA9C53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7C7105D-C4D5-4BEE-A041-23FB49AA5D5A}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFB3F83C-9A41-4FD2-931D-E434C579E9AA}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{60679DB8-7FF3-45A4-B055-95A688EB089F}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{55739401-0B1C-4F54-9F44-8BA2131FD620}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9BAF2586-8D10-465C-8EA8-ECEDA2829538}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{308A3C04-0F58-42E3-AE30-3B630CCAB60F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A43044E4-B964-4096-82BD-73EB166B0EB1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AA02744A-713F-43CF-BA65-2FA785D5D245}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D25D21F9-F010-40FC-B1C8-66CEA113BF95}] => (Allow) LPort=2869
FirewallRules: [{CEDFA3C5-CE19-43A6-B35F-6E6441148194}] => (Allow) LPort=1900
FirewallRules: [{537BF1E7-2C18-4EED-8EED-60C8451DDC0B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D11B2CA3-3A00-4497-A206-1FEFCA823C48}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F902E5D6-9A47-41D7-A532-2AF1B8B9FD79}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{367F6382-8925-4522-8C2F-19B4F5A8FBAE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{E4A1D70F-2EF7-48DD-ABE3-8235EA0C37E3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EEE9FB30-3262-4F6F-A504-06D2D0DA37C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{28617EE7-2BA0-4552-A5E0-82C2F363C745}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{7E643419-F9CD-4FFF-BE0C-67BBAB9AB9F3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{61256C66-A1BE-48EF-A216-A3D3D668D9A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{4661C85D-B703-47C6-931B-6C494BC49935}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{04C97C20-DE2F-4B66-9E52-0CE3A01D7B3D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{111C3657-052B-4EBA-919D-08FDFC52C437}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7515253A-6E8A-487F-90A2-91775AAE051A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{03C5E91D-6D06-4511-9E6D-A2B8E78C06DE}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{4CB42E6D-0172-43BD-9760-EA24803C21F4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DC098E36-1E72-45A4-89EC-BC4BF15AA421}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{E7E1D2B1-29B8-4F5A-85AD-B8D37442A71B}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{DAB177D1-2AE7-406F-BE83-1B9D321C171F}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{60019A7A-E336-45AC-A50E-D3268EF45734}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{271EA4A0-5E3B-4A6E-8B93-71A237D2F20F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{779AC460-B8B0-4A85-8E7A-68D22F6DF41A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F955C03B-37B3-4816-BA58-C88C8F9DEC9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{37B50416-D70D-42C3-AB35-831FC79999D5}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{93D1578A-301F-4005-814C-56124C477773}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{1111A48E-360A-4880-AF43-5E23B54178F3}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{EB1756A8-9BEC-4C52-8DE8-3D29E5F6F7A7}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [TCP Query User{C2EA0769-C36D-42DD-8AC6-0137D264FF2B}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{DEB35171-FA65-4C59-9A6C-375E78038FAF}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [{1BE9415D-50BB-4B21-8E73-3F9C4E977915}] => (Allow) C:\Users\Philipp\AppData\Local\Temp\SmallInstaller\InstallFiles\ccdd.exe
FirewallRules: [{051B56EE-ADE4-45CD-8FC2-EC4B8A2DABD0}] => (Allow) C:\Users\Philipp\AppData\Local\Temp\SmallInstaller\InstallFiles\ccdd.exe
FirewallRules: [{6595093B-DE9C-49EF-A385-A85744D5873E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9ACF1285-BD04-4427-809C-DDFC28B572A7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D2FDE4B3-65F2-4934-9230-325B112B8A67}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{58F1AAA2-5C39-483B-B6B5-BF825B3A3305}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{FC4B5BAD-27C8-4CAF-9A49-8DF48DD865DF}] => (Allow) C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{37B14A68-CABE-4A4C-B973-01E3560A027A}] => (Allow) C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1D499D8B-2759-406B-9122-62AD533D03DA}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{C7914F52-7CB7-45DA-A149-F24A6C19BEB2}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{E9CD7368-3321-4873-B3C1-33DF8B1D1550}C:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7DF8626F-9CF2-4E64-B95E-E4F492426714}C:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EBA1F040-A2D0-4119-87B6-657DCDD56F10}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{05B10E7E-89D6-4996-9452-D72E1EEFBCC9}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{399A984B-2FD4-49E2-BBB7-603128D1B91F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{53E8A4D9-C120-4EBC-89DD-5FFAE49529D5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{03631554-1F04-4CE5-A302-5FCA64E261D2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{55E374B1-E295-4408-9751-8745F5469AEA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{0AD8F616-8141-4E5A-984C-D3CF198CD8D8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{8E0F4A7F-98F2-4032-A199-79041434546B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{5A9C2105-5C3B-4DA9-B3AA-6E64AE5F5257}] => (Block) %ProgramFiles% (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3879D582-A6C2-48DF-8165-5A76C0F6C912}] => (Block) %ProgramFiles% (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0358960-1A92-494D-8529-38A41ABCB7BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{3465D648-5D96-473B-8732-603CF9ECBA03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{744A3998-EF56-4C7C-A2E4-2138B5FAB6BF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3144989A-2C59-43FE-87BA-401C5482C907}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AB630647-8652-4859-B3F7-96FB47A56F6D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{6A6C9EE7-93C6-4843-88AA-ECBFC31642F2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{AEAC91BD-7A9E-4B46-8295-286F63D958F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{B665FFC8-65E9-4E66-8F32-2D83DE8D134F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{EE18D721-B8DC-4599-AFE7-1ECD060791CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{81BC0743-CE0D-4D09-8FA8-85F9BFC4FCB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{B47EB321-EFCD-484D-A959-F48A0228E1D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EA2AC7A3-A069-4503-85B2-3AEFA456707F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{087A2BAA-4A89-43F1-9A65-CD422B78B99A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{C7A66631-B223-461C-986F-CB4D5C352669}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{39D19AE3-1E0B-4BB0-8EC6-16BDA4DAE0CC}] => (Allow) C:\Users\Philipp\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{99456C35-FF7F-468B-BCE5-AD3A0AFB22A1}] => (Allow) C:\Users\Philipp\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{36278D2A-53B4-4A42-9562-74CFB27EC2BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{4C246B6A-D6CC-4578-9356-BEAA5FB0911E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B4147F4C-771E-4649-9124-964350B41C65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E755E7B-2A3D-4F8C-905B-D45CDBF7BF16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C9BC2738-2561-4847-B406-FDC44669BA6C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AC28EDD3-B492-48B8-9796-1443754A77C2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BB504E5C-1B2C-47A4-9CF7-2EB5761D70B5}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{B8C1A0DB-407C-46A2-90F7-5B2F6647D1A1}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{52CFEB70-FD81-4332-A48E-271CD7E567D1}] => (Allow) LPort=8743
FirewallRules: [{0B81C643-BECA-4A71-B5F0-A7374393B500}] => (Allow) LPort=8643
FirewallRules: [{F54A59E0-E809-4D4A-9AEE-2BE1AFAB0321}] => (Allow) LPort=7676
FirewallRules: [{C928B036-2515-42C9-88CC-3E82B7988387}] => (Allow) LPort=7679
FirewallRules: [{D139473A-DFF0-4CCD-A0D0-23C46E0E1564}] => (Allow) LPort=24234
FirewallRules: [{75E6B238-126D-48D4-BE94-9120C6E8CD49}] => (Allow) LPort=7900
FirewallRules: [{0B93E773-DC6B-4BC7-85BC-8CFCF87809E6}] => (Allow) LPort=1900
FirewallRules: [{F6A84AEC-A60C-4725-A84D-E42C3EA68E5C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{23465F38-6F09-4B96-9EA5-2B7959C61DF0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{8D30AA4F-5C63-4AB9-B448-B92A02CE234A}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{B3123026-C263-4541-BBE7-697D7C988D9B}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [{4DACD062-7074-4396-AB93-6596159A8E08}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E90BC49B-AEF7-4057-AEA1-5C390C669563}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C03D0D6C-251C-4C30-A9EF-05E28EA13977}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{59E5A56B-C7BB-47B8-BF8E-35B088F3B9CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DC5F5E75-0BCD-478A-9876-314106B46F3B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Wiederherstellungspunkte =========================

31-03-2016 10:28:29 Geplanter Prüfpunkt
11-04-2016 10:13:59 Geplanter Prüfpunkt
15-04-2016 20:37:55 Driver Booster : 3rd Gen Core processor DRAM Controller - 0154

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/15/2016 09:23:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (04/15/2016 09:13:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (04/15/2016 09:13:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (04/15/2016 09:13:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (04/15/2016 09:13:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (04/15/2016 09:13:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (04/15/2016 09:13:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (04/15/2016 09:13:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (04/15/2016 09:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.10586.218, Zeitstempel: 0x56ff3b2e
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x56fa0e13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782c7
ID des fehlerhaften Prozesses: 0x1c8c
Startzeit der fehlerhaften Anwendung: 0xMicrosoftEdge.exe0
Pfad der fehlerhaften Anwendung: MicrosoftEdge.exe1
Pfad des fehlerhaften Moduls: MicrosoftEdge.exe2
Berichtskennung: MicrosoftEdge.exe3
Vollständiger Name des fehlerhaften Pakets: MicrosoftEdge.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge.exe5

Error: (04/15/2016 08:38:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Systemfehler:
=============
Error: (04/16/2016 10:04:52 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DESKTOP-D4P0UCB",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C8642D60-FE64-452B-8393-DA6134916B2E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/15/2016 10:23:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_457d5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/15/2016 09:17:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/15/2016 09:17:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (04/15/2016 09:14:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/15/2016 09:13:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FontCache3.0.0.0 erreicht.

Error: (04/15/2016 09:13:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetPipeActivator" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/15/2016 09:13:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetPipeActivator erreicht.

Error: (04/15/2016 09:12:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NvStreamSvc erreicht.

Error: (04/15/2016 09:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

CodeIntegrity:
===================================
Date: 2016-04-14 16:09:34.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-14 09:56:57.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-13 18:42:00.790
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 10:36:31.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-14 07:45:23.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 07:41:04.251
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-03 14:14:42.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-03 12:15:37.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 09:26:35.625
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 19:06:53.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8030.35 MB
Verfügbarer physikalischer RAM: 5669.63 MB
Summe virtueller Speicher: 8542.35 MB
Verfügbarer virtueller Speicher: 6105.7 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:681.54 GB) (Free:281.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CCF75840)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=681.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

#2
Essexboy

Posted 16 April 2016 - 06:50 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you let me know if this cures it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\System32\winrnr.dll"
2016-03-18 21:43 - 2016-04-16 10:30 - 00003422 _____ C:\WINDOWS\System32\Tasks\InternetSoft Protector Job
2016-03-18 21:43 - 2016-02-18 20:00 - 00000000 ____D C:\Program Files (x86)\InternetSoft Protector
Task: {78B50F09-CD18-43EB-B5E6-A3CB8D13F0E5} - System32\Tasks\Win Cleaner => C:\Users\Philipp\AppData\Roaming\Win Cleaner\Win Cleaner.exe <==== ACHTUNG
Task: {7CF7BFFA-70B1-49A5-9F2F-796E01DE8FD3} - System32\Tasks\Anti Virus Security Uninstaller => C:\Program Files (x86)\Anti Virus Security\Anti VirusSecurity.exe [2015-10-25] (Backup Updater) <==== ACHTUNG
Task: {9ADAD58A-799B-4718-A076-848ABAF83664} - System32\Tasks\InternetSoft Protector Job => C:\Program Files (x86)\InternetSoft Protector\msnworker.exe [2016-04-05] () <==== ACHTUNG
Task: {D40566A2-07FD-4D32-8A4E-7AECE8FCE47C} - \Re-markit Update -> Keine Datei <==== ACHTUNG
C:\Users\Philipp\AppData\Roaming\Win Cleaner
C:\Program Files (x86)\Anti Virus Security
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
Mairuu

Posted 16 April 2016 - 07:17 AM

New Member

Topic Starter
Member
3 posts

Here's the fixlog:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-04-2016
durchgeführt von Philipp (2016-04-16 15:06:20) Run:1
Gestartet von C:\Users\Philipp\Desktop
Geladene Profile: Philipp (Verfügbare Profile: Philipp & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CreateRestorePoint:
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ACHTUNG: LibraryPath sollte sein "%SystemRoot%\System32\winrnr.dll"
2016-03-18 21:43 - 2016-04-16 10:30 - 00003422 _____ C:\WINDOWS\System32\Tasks\InternetSoft Protector Job
2016-03-18 21:43 - 2016-02-18 20:00 - 00000000 ____D C:\Program Files (x86)\InternetSoft Protector
Task: {78B50F09-CD18-43EB-B5E6-A3CB8D13F0E5} - System32\Tasks\Win Cleaner => C:\Users\Philipp\AppData\Roaming\Win Cleaner\Win Cleaner.exe <==== ACHTUNG
Task: {7CF7BFFA-70B1-49A5-9F2F-796E01DE8FD3} - System32\Tasks\Anti Virus Security Uninstaller => C:\Program Files (x86)\Anti Virus Security\Anti VirusSecurity.exe [2015-10-25] (Backup Updater) <==== ACHTUNG
Task: {9ADAD58A-799B-4718-A076-848ABAF83664} - System32\Tasks\InternetSoft Protector Job => C:\Program Files (x86)\InternetSoft Protector\msnworker.exe [2016-04-05] () <==== ACHTUNG
Task: {D40566A2-07FD-4D32-8A4E-7AECE8FCE47C} - \Re-markit Update -> Keine Datei <==== ACHTUNG
C:\Users\Philipp\AppData\Roaming\Win Cleaner
C:\Program Files (x86)\Anti Virus Security
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Winsock: Catalog5 000000000001\\LibraryPath => erfolgreich wiederhergestellt (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000002\\LibraryPath => erfolgreich wiederhergestellt (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => erfolgreich wiederhergestellt (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => erfolgreich wiederhergestellt (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000005\\LibraryPath => erfolgreich wiederhergestellt (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => erfolgreich wiederhergestellt (%SystemRoot%\System32\winrnr.dll)
C:\WINDOWS\System32\Tasks\InternetSoft Protector Job => erfolgreich verschoben
C:\Program Files (x86)\InternetSoft Protector => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78B50F09-CD18-43EB-B5E6-A3CB8D13F0E5}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78B50F09-CD18-43EB-B5E6-A3CB8D13F0E5}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Win Cleaner => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Cleaner" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CF7BFFA-70B1-49A5-9F2F-796E01DE8FD3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CF7BFFA-70B1-49A5-9F2F-796E01DE8FD3}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Anti Virus Security Uninstaller => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anti Virus Security Uninstaller" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ADAD58A-799B-4718-A076-848ABAF83664}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ADAD58A-799B-4718-A076-848ABAF83664}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\InternetSoft Protector Job => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InternetSoft Protector Job" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D40566A2-07FD-4D32-8A4E-7AECE8FCE47C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D40566A2-07FD-4D32-8A4E-7AECE8FCE47C}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update => Schlüssel nicht gefunden.
C:\Users\Philipp\AppData\Roaming\Win Cleaner => erfolgreich verschoben
C:\Program Files (x86)\Anti Virus Security => erfolgreich verschoben

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Der Vorgang wurde erfolgreich beendet.

========= Ende von Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Der Vorgang wurde erfolgreich beendet.

========= Ende von Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-984584555-1158884173-326051070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-984584555-1158884173-326051070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt

========= Ende von RemoveProxy: =========

========= netsh advfirewall reset =========

OK.

========= Ende von CMD: =========

========= netsh advfirewall set allprofiles state ON =========

OK.

========= Ende von CMD: =========

========= ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========

========= netsh winsock reset catalog =========

Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.

========= Ende von CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Global wird zur�ckgesetzt... OK
Schnittstelle wird zur�ckgesetzt... OK
Unicastadresse wird zur�ckgesetzt... OK
Nachbar wird zur�ckgesetzt... OK
Pfad wird zur�ckgesetzt... OK
wird zur�ckgesetzt... Fehler
Zugriff verweigert

wird zur�ckgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschlie�en.

========= Ende von CMD: =========

========= ipconfig /release =========

Windows-IP-Konfiguration

Es kann kein Vorgang auf LAN-Verbindung ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 2 ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter LAN-Verbindung:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

   Verbindungsspezifisches DNS-Suffix:
   Verbindungslokale IPv6-Adresse . : fe80::1141:448d:5d2b:1355%18
   Standardgateway . . . . . . . . . :

========= Ende von CMD: =========

========= ipconfig /renew =========

Windows-IP-Konfiguration

Es kann kein Vorgang auf LAN-Verbindung ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 2 ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter LAN-Verbindung:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

   Verbindungsspezifisches DNS-Suffix: fritz.box
   Verbindungslokale IPv6-Adresse . : fe80::1141:448d:5d2b:1355%18
   IPv4-Adresse . . . . . . . . . . : 192.168.178.59
   Subnetzmaske . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 192.168.178.1

Tunneladapter isatap.fritz.box:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: fritz.box

========= Ende von CMD: =========

========= netsh int ipv4 reset =========

Schnittstelle wird zur�ckgesetzt... OK
wird zur�ckgesetzt... Fehler
Zugriff verweigert

Starten Sie den Computer neu, um die Aktion abzuschlie�en.

========= Ende von CMD: =========

========= netsh int ipv6 reset =========

Schnittstelle wird zur�ckgesetzt... OK
Nachbar wird zur�ckgesetzt... OK
Pfad wird zur�ckgesetzt... OK
wird zur�ckgesetzt... Fehler
Zugriff verweigert

wird zur�ckgesetzt... OK
wird zur�ckgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschlie�en.

========= Ende von CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{2F29504E-2254-4EB1-B128-ACD2E65A90AB} canceled.
1 out of 1 jobs canceled.

========= Ende von CMD: =========

EmptyTemp: => 7 GB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 15:10:45 ====

I will follow with the adwcleaner log in a minute

#4
Mairuu

Posted 16 April 2016 - 07:32 AM

New Member

Topic Starter
Member
3 posts

Whether It really worked I will only be able to say in a few days because thats how long it usually took for the adware to reappear. But a lot of thanks to you already! Below the adwcleander report:

# AdwCleaner v5.111 - Bericht erstellt am 16/04/2016 um 15:26:48
# Aktualisiert am 14/04/2016 von Xplode
# Datenbank : 2016-04-15.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Philipp - R116020
# Gestartet von : C:\Users\Philipp\Downloads\adwcleaner5111 (2).exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [11597 Bytes] - [15/04/2016 21:10:32]
C:\AdwCleaner\AdwCleaner[R0].txt - [21803 Bytes] - [13/04/2014 19:10:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [17868 Bytes] - [13/04/2014 19:11:30]
C:\AdwCleaner\AdwCleaner[S1].txt - [12009 Bytes] - [15/04/2016 21:07:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [952 Bytes] - [16/04/2016 15:26:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1024 Bytes] ##########

#5
Essexboy

Posted 16 April 2016 - 07:41 AM

GeekU Moderator

Retired Staff
69,964 posts

OK use the system as normal for a day or so and then let me know

#6
Essexboy

Posted 20 April 2016 - 08:44 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: helper2, adware

Security → Virus, Spyware, Malware Removal → suffering with a bad case of malware :( HELP please [Closed] Started by lukey246 , 01 Aug 2019 Malware adware spyware, malware and 3 more...	2 replies 2,965 views	iMacg3 05 Aug 2019
Security → Virus, Spyware, Malware Removal → clipconverter.cc popups removal [Closed] Started by Labelia , 07 May 2018 malware, adware	2 replies 4,631 views	JSntgRvr 16 May 2018
Security → Virus, Spyware, Malware Removal → Computer slow and closing programs Started by musicianindistress , 25 Mar 2018 Slow, Virus, Adware, Closing and 1 more... 1 2	Hot 22 replies 8,862 views	Bruce1270 01 May 2018
Hardware → Smartphones and Tablets → My phone is installing applications without my permission Started by gody09 , 20 Mar 2018 mobile, adware	2 replies 3,751 views	angelaperryman228 14 Feb 2019
Security → Virus, Spyware, Malware Removal → malware or not? [Solved] Started by lazyoli , 13 Nov 2017 trojan, malware, adware and 2 more...	11 replies 8,233 views	RKinner 19 Nov 2017