Pests of all kinds and how to fight them: Windows 7/8: Caught Continue Live Installation (and more?)
29.09.2015, 18:11 | #1 |
Windows 7/8: Caught Continue Live Installation (and more?)

Hello, today I caught the trojan Continue Live Installation on my laptop when I was trying to download software for a handycam. Since I am hopeless when it comes to computers, I need help. I may have caught even more: on the desktop, besides Continue Live Installation, there are already further new applications: Continue installation, PC Speed Up and Crossbrowse. When I click on uninstall programs in the Control Panel, there are further new programs from today (and the number keeps growing) that I apparently installed by accident: Microsoft Silverlight, Google Toolbar for IE, Games Desktop 014.005010101, Games Desktop 014.005010100, Space Bar Use, Smart Web, CPU Mine, Cine Plus 1.44V29.09. Already when the computer boots (I use Windows 7, by the way, but I also have the Windows 8 tiles) some programs are started. Pop-ups keep appearing that cannot be closed, or only by agreeing to some further installation. I don't even dare to click cancel. Who could help me? I am desperate.

Best regards, Fabi
29.09.2015, 18:21 | #2 |
/// TB Trainer | Windows 7/8: Caught Continue Live Installation (and more?)

My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Thank you for your cooperation! For the initial analysis, please run FRST and TDSS-Killer:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Step 2
Please download TDSSKiller.exe and save this file to the desktop.

Please post with your next reply
29.09.2015, 19:20 | #3 |
FRST.txt
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01 durchgeführt von Fabian (Administrator) auf FABUS (29-09-2015 20:04:59) Gestartet von C:\Users\Fabian\Downloads Geladene Profile: Fabian (Verfügbare Profile: Fabian & Weltklasse & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Users\Fabian\AppData\Local\A2F8EA6C-1443547698-E211-83C6-B888E3FC2648\snstAD49.tmp (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe () C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648\hnsfFFD3.tmp () C:\Program Files (x86)\RayDld\ihpmServer.exe () C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648\jnsoD5B4.tmp (Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe () C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648\knswAA0A.tmpfs (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe () C:\Users\Fabian\AppData\Local\gmsd_de_005010100\upgmsd_de_005010100.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Windows\System32\cpm.exe (Open Source) C:\Users\Fabian\AppData\Roaming\cpuminer\sgminer\sgm.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (SoftBrain Technologies Ltd.) C:\Users\Fabian\AppData\Local\SmartWeb\SmartWebHelper.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (SoftBrain Technologies Ltd.) C:\Users\Fabian\AppData\Local\SmartWeb\SmartWebApp.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\gmsd_de_005010100\gmsd_de_005010100.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (DTools LIMITED) C:\ProgramData\1WdsManPro1\WdsManPro.exe (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe (CinePlus-1.44V29.09) C:\Program Files (x86)\CinePlus-1.44V29.09\f49a23c4-a72f-4f54-93e7-08b94ed1f986-10.exe (CinePlus-1.44V29.09) C:\Program Files (x86)\CinePlus-1.44V29.09\f49a23c4-a72f-4f54-93e7-08b94ed1f986-6.exe () C:\Program Files (x86)\gmsd_de_005010101\gmsd_de_005010101.exe (CinePlus-1.44V29.09) C:\Program Files (x86)\CinePlus-1.44V29.09\f49a23c4-a72f-4f54-93e7-08b94ed1f986-1-6.exe () C:\Users\Fabian\AppData\Local\Temp\nswE0C6.tmp (CMI Limited) C:\Users\Fabian\AppData\Local\Temp\nsg7914.tmp (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2013-01-01] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-11-29] (Synaptics Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710720 2015-09-25] (Dropbox, Inc.) HKLM-x32\...\RunOnce: [upgmsd_de_005010101.exe] => C:\Users\Fabian\AppData\Local\gmsd_de_005010101\upgmsd_de_005010101.exe -runonce HKLM-x32\...\RunOnce: [upgmsd_de_005010100.exe] => C:\Users\Fabian\AppData\Local\gmsd_de_005010100\upgmsd_de_005010100.exe [3324560 2015-09-28] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-31] (Google Inc.) HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Facebook Update] => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-26] (Facebook Inc.) HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {22932296-5eba-11e4-bf1b-50b7c3614c0f} - "E:\AutoRun.exe" HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {5819ac44-78c4-11e4-bf1c-001e101f8d7f} - "E:\AutoRun.exe" HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {ddca8fa6-5d0d-11e4-bf1a-50b7c3614c0f} - "E:\AutoRun.exe" HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {ddca8fe2-5d0d-11e4-bf1a-50b7c3614c0f} - "E:\AutoRun.exe" ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-14] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-05] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Weltklasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-09] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{83FF6AEB-B3D1-430F-B3D2-D431FDBC3517}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL 
= SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-03-30] (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-29] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-30] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-03-30] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-29] (Google Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-03-30] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-29] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-29] (Google Inc.) Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-29] (Google Inc.) Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Kein Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Keine Datei Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-03-30] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default FF SearchEngineOrder.1: Search By ZoneAlarm FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=55ae97b08b424b198a0d350b62d91f50&tu=10GXz00Co1C01u0&sku=&tstsId=&ver=&&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [Keine Datei] FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-05-23] (Citrix Systems, Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-03-30] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-30] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-07-13] (Intel) FF SearchPlugin: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\searchplugins\youtube-videosuche.xml [2015-05-09] FF SearchPlugin: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\searchplugins\zonealarm.xml [2014-03-06] FF Extension: LyricXeeker - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\Extensions\128 [2013-08-18] FF Extension: zonealarm.com - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\Extensions\ffxtlbr@zonealarm.com [2014-03-06] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => nicht gefunden FF Extension: Kein Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\extensions\deskCutv2@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\extensions\defsearchp@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [nicht gefunden] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX" CHR 
DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1443544239&z=0a446fd311a8435d266f9cfgdzez8cfw0z0z5ecz0m&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX&q={searchTerms} CHR DefaultSearchKeyword: Default -> mystartsearch CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => Keine Datei CHR Plugin: (Norton Confidential) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel) CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-31] CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-31] CHR Extension: (Freemake Video Converter) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-08-08] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
[2013-08-28] CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-31] CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Fabian\AppData\Roaming\SpeedanAlysis\speedanalysis.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-07-27] StartMenuInternet: Google Chrome - Chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-29] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-29] (Dropbox, Inc.) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.) 
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-12-10] (TuneUp Software)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [Datei ist nicht signiert]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ACHTUNG
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ACHTUNG

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2013-01-01] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S1 MpKslce08bbb0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D842C845-EC9E-4F68-9647-40816D3CEB29}\MpKslce08bbb0.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-29 20:04 - 2015-09-29 20:05 - 00032678 _____ C:\Users\Fabian\Downloads\FRST.txt
2015-09-29 20:04 - 2015-09-29 20:05 - 00000000 ____D C:\FRST
2015-09-29 20:03 - 2015-09-29 20:03 - 02192384 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2015-09-29 20:03 - 2015-09-29 20:03 - 01696256 _____ (Farbar) C:\Users\Fabian\Downloads\FRST.exe
2015-09-29 20:01 - 2015-09-29 19:12 - 00000108 _____ C:\Users\Fabian\Desktop\Wichtig.txt
2015-09-29 18:51 - 2015-09-29 18:35 - 00613255 _____ (CMI Limited) C:\Users\Fabian\AppData\Local\nsg7914.tmp
2015-09-29 18:35 - 2015-09-29 19:55 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-09-29 18:34 - 2015-09-29 19:55 - 00000000 ____D C:\Program Files (x86)\gmsd_de_005010101
2015-09-29 18:34 - 2015-09-29 18:34 - 00004028 _____ C:\WINDOWS\System32\Tasks\MZhXnKSOZpeGB0VKC0d
2015-09-29 18:34 - 2015-09-29 18:34 - 00004016 _____ C:\WINDOWS\System32\Tasks\5naU0BRS17ZiL
2015-09-29 18:34 - 2015-09-29 18:34 - 00001026 _____ C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job
2015-09-29 18:34 - 2015-09-29 18:34 - 00001014 _____ C:\WINDOWS\Tasks\5naU0BRS17ZiL.job
2015-09-29 18:33 - 2015-09-29 19:56 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-29 18:33 - 2015-09-29 19:33 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-29 18:33 - 2015-09-29 18:33 - 00000000 ____D C:\Users\Fabian\AppData\Local\globalUpdate
2015-09-29 18:33 - 2015-09-29 18:33 - 00000000 ____D C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801
2015-09-29 18:32 - 2015-09-29 19:55 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V29.09
2015-09-29 18:30 - 2015-09-29 19:56 - 00000000 ____D C:\ProgramData\1WdsManPro1
2015-09-29 17:48 - 2015-09-29 19:56 - 00000000 ____D C:\Users\Fabian\AppData\Local\gmsd_de_005010100
2015-09-29 17:48 - 2015-09-29 19:55 - 00000000 ____D C:\Program Files (x86)\SFK
2015-09-29 17:48 - 2015-09-29 19:55 - 00000000 ____D C:\Program Files (x86)\gmsd_de_005010100
2015-09-29 17:48 - 2015-09-29 18:30 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-29 17:47 - 2015-09-29 17:47 - 00000588 _____ C:\task.vbs
2015-09-29 17:45 - 2015-09-29 19:55 - 00000000 ____D C:\Users\Fabian\AppData\Local\SmartWeb
2015-09-29 17:40 - 2015-09-29 19:56 - 00001127 _____ C:\Users\Fabian\Desktop\Continue Live Installation.lnk
2015-09-29 17:35 - 2015-09-29 19:56 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2015-09-29 17:35 - 2015-09-29 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-29 17:35 - 2015-09-29 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-29 17:34 - 2015-09-29 17:34 - 00000000 ____D C:\Program Files (x86)\predm
2015-09-29 17:32 - 2015-09-29 19:55 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\cpuminer
2015-09-29 17:32 - 2015-09-29 17:32 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-09-29 17:29 - 2015-09-29 17:29 - 03687352 _____ (Sony Corporation) C:\Users\Fabian\Downloads\picture-motion-browser-5.8.02.exe
2015-09-29 17:28 - 2015-09-29 19:55 - 00000000 ____D C:\Users\Fabian\AppData\Local\A2F8EA6C-1443547698-E211-83C6-B888E3FC2648
2015-09-29 17:27 - 2015-09-29 19:55 - 00000000 ____D C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648
2015-09-29 17:27 - 2015-09-06 12:54 - 00000856 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-29 17:24 - 2015-09-29 19:56 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-09-29 17:21 - 2015-09-29 19:56 - 00001271 _____ C:\Users\Fabian\Desktop\Continue installation .lnk
2015-09-29 17:19 - 2015-09-29 17:20 - 01567200 _____ C:\Users\Fabian\Downloads\Sony+dcr+dvd106+driver+wi_10924_i65360158_il345.exe
2015-09-29 13:07 - 2015-09-29 19:56 - 00001234 _____ C:\Users\Fabian\Desktop\Dropbox.lnk
2015-09-29 13:07 - 2015-09-29 18:02 - 00000000 ___RD C:\Users\Fabian\Dropbox
2015-09-29 13:05 - 2015-09-29 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-29 13:03 - 2015-09-29 13:03 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Dropbox
2015-09-29 12:55 - 2015-09-29 20:00 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-29 12:55 - 2015-09-29 18:02 - 00000000 ____D C:\Users\Fabian\AppData\Local\Dropbox
2015-09-29 12:55 - 2015-09-29 17:59 - 00001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-29 12:55 - 2015-09-29 13:05 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-29 12:55 - 2015-09-29 12:55 - 00660960 _____ (Dropbox, Inc.) C:\Users\Fabian\Downloads\DropboxInstaller.exe
2015-09-29 12:55 - 2015-09-29 12:55 - 00004198 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-09-29 12:55 - 2015-09-29 12:55 - 00003962 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-09-29 12:55 - 2015-09-29 12:55 - 00000000 ____D C:\ProgramData\Dropbox
2015-09-23 02:35 - 2015-09-23 02:35 - 01423680 ____N C:\WINDOWS\system32\cpm.exe
2015-09-21 23:11 - 2015-09-21 23:11 - 00000220 _____ C:\WINDOWS\system32\cpuminer-conf.json
2015-09-19 18:36 - 2015-09-19 18:40 - 00000000 ____D C:\Users\Fabian\Desktop\Tennis neu
2015-09-16 17:05 - 2015-09-16 17:05 - 02517044 _____ C:\Users\Fabian\Downloads\Foto(1).zip
2015-09-15 13:23 - 2015-09-15 13:23 - 00826072 _____ C:\WINDOWS\Minidump\091515-44859-01.dmp
2015-09-15 12:13 - 2015-09-15 12:13 - 00798800 _____ C:\WINDOWS\Minidump\091515-53031-01.dmp
2015-09-09 13:19 - 2015-09-09 13:19 - 01028457 _____ C:\Users\Fabian\Downloads\Hh.zip
2015-09-08 23:33 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-08 23:33 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-08 23:33 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-08 23:33 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-08 23:33 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-08 23:33 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-08 23:33 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-08 23:33 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-08 23:32 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-08 23:32 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-08 23:32 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-08 23:32 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-08 23:32 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-08 23:32 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-08 23:32 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-08 23:32 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-08 23:32 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-08 23:32 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-08 23:32 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-08 23:32 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-08 23:32 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 23:32 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 23:32 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 23:32 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 23:32 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 23:32 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-08 23:32 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 23:32 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 23:32 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-08 23:32 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 23:32 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-08 23:32 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 23:32 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-08 23:32 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-08 23:32 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-08 23:32 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-08 23:32 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-08 23:32 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-08 23:32 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-08 23:32 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 23:32 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-08 23:32 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-08 23:32 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-08 23:32 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-08 23:32 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-08 23:32 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-08 23:32 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-08 23:32 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-08 23:32 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-08 23:32 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-08 23:32 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-08 23:32 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-08 23:28 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-08 23:28 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-08 23:27 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 23:27 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 23:27 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 23:27 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 23:27 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 23:27 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 23:27 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 23:27 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 23:27 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-08 23:26 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-08 23:26 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 23:26 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 23:26 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 23:26 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 23:26 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-08 23:26 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-08 23:26 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-08 23:26 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-08 23:26 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-08 23:26 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 23:26 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-08 23:26 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-08 23:26 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 23:26 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-08 23:20 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-08 23:20 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-08 12:50 - 2015-09-08 12:50 - 02860258 _____ C:\Users\Fabian\Downloads\Foto.zip
2015-09-06 13:18 - 2015-09-13 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-06 12:54 - 2015-09-06 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-06 12:54 - 2015-09-06 12:54 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-29 20:04 - 2012-12-31 14:38 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 20:01 - 2014-03-18 12:03 - 00338484 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-29 20:01 - 2014-03-18 11:25 - 03434242 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-29 20:01 - 2014-03-18 11:25 - 00958384 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-29 20:01 - 2012-12-31 14:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2015-09-29 20:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-29 20:00 - 2013-08-22 16:46 - 00392271 _____ C:\WINDOWS\setupact.log
2015-09-29 19:57 - 2014-09-19 10:53 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-29 19:57 - 2014-03-28 19:46 - 00001386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-09-29 19:57 - 2014-03-28 19:46 - 00001313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-29 19:57 - 2014-02-04 14:38 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-29 19:57 - 2013-07-18 21:06 - 00002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-29 19:57 - 2013-05-07 16:17 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
2015-09-29 19:57 - 2013-01-09 23:07 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allshare Play.lnk
2015-09-29 19:57 - 2013-01-08 14:29 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2015-09-29 19:57 - 2013-01-04 17:01 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 19:56 - 2015-01-18 16:03 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-29 19:56 - 2014-09-19 11:09 - 00001454 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-29 19:56 - 2014-09-19 10:45 - 00000469 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-09-29 19:56 - 2014-09-19 10:45 - 00000467 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-09-29 19:56 - 2014-06-14 21:33 - 00001946 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-29 19:56 - 2014-05-27 20:51 - 00001088 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-29 19:56 - 2014-02-18 01:06 - 00001589 _____ C:\Users\Public\Desktop\Free Audio CD to MP3 Converter.lnk
2015-09-29 19:56 - 2013-08-19 16:06 - 00001906 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2015-09-29 19:56 - 2013-07-27 10:13 - 00001358 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-09-29 19:56 - 2013-05-07 15:31 - 00001049 _____ C:\Users\Fabian\Desktop\PhotoScape.lnk
2015-09-29 19:56 - 2013-04-14 16:19 - 00001206 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2015-09-29 19:56 - 2013-03-15 17:26 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Driver Updater.lnk
2015-09-29 19:56 - 2013-01-03 13:44 - 00002224 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
2015-09-29 19:56 - 2012-12-31 14:22 - 00000896 _____ C:\Users\Fabian\Desktop\Downloads.lnk
2015-09-29 19:55 - 2013-03-15 17:26 - 00000000 ____D C:\Users\Fabian\AppData\Local\TempDIR
2015-09-29 19:34 - 2014-09-19 11:05 - 01792763 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-29 19:30 - 2013-01-15 15:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-29 18:40 - 2012-12-31 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-29 18:23 - 2014-05-27 20:51 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 18:21 - 2013-09-26 21:16 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001UA.job
2015-09-29 18:07 - 2013-01-02 00:13 - 00000000 ____D C:\ProgramData\WinClon
2015-09-29 18:00 - 2014-09-19 11:16 - 00000000 __RDO C:\Users\Fabian\OneDrive
2015-09-29 17:59 - 2012-12-31 14:38 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 17:58 - 2014-09-19 10:45 - 00000000 ____D C:\Users\Fabian
2015-09-29 17:58 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-29 17:56 - 2014-03-18 03:50 - 00118636 _____ C:\WINDOWS\PFRO.log
2015-09-29 17:51 - 2014-05-27 20:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-29 17:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-29 15:42 - 2014-09-19 16:14 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F8CFDF7-E308-453A-87C7-259271A41379}
2015-09-28 21:21 - 2013-09-26 21:16 - 00000922 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001Core.job
2015-09-22 13:32 - 2014-03-28 20:16 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\vlc
2015-09-22 11:11 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-22 10:33 - 2013-01-15 15:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-20 21:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-20 12:35 - 2014-06-15 20:57 - 00000000 ____D C:\Users\Fabian\AppData\Local\Microsoft Help
2015-09-15 15:15 - 2012-12-31 14:22 - 00000000 ____D C:\Users\Fabian\AppData\Local\Packages
2015-09-15 13:59 - 2012-12-31 14:38 - 00004102 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 13:59 - 2012-12-31 14:38 - 00003866 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 13:23 - 2015-04-29 14:20 - 616777006 _____ C:\WINDOWS\MEMORY.DMP
2015-09-15 13:23 - 2015-04-29 14:20 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-15 03:18 - 2015-07-28 14:10 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2015-07-28 14:10 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 11:31 - 2013-08-22 16:44 - 00508344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 11:30 - 2013-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-13 11:29 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-09-13 11:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 14:24 - 2013-01-11 16:19 - 00000000 ____D C:\Users\Fabian\Desktop\FH
2015-09-09 04:14 - 2014-03-18 11:40 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 04:06 - 2013-07-13 12:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 12:56 - 2015-07-16 16:25 - 00002996 _____ C:\WINDOWS\System32\Tasks\SUPatchForW10Up
2015-09-06 12:56 - 2012-12-31 14:52 - 00000000 ____D C:\ProgramData\Samsung

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe
2013-08-19 01:40 - 2013-08-19 01:40 - 0000055 _____ () C:\Users\Fabian\AppData\Roaming\WB.CFG
2013-08-19 01:40 - 2013-08-19 01:40 - 0000005 _____ () C:\Users\Fabian\AppData\Roaming\WBPU-TTL.DAT
2015-09-29 18:51 - 2015-09-29 18:35 - 0613255 _____ (CMI Limited) C:\Users\Fabian\AppData\Local\nsg7914.tmp
2013-03-02 13:02 - 2013-02-21 17:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-03-02 13:02 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2013-03-15 17:26 - 2013-03-15 17:26 - 0004974 _____ () C:\ProgramData\mtbjfghn.xbe
2015-09-29 17:48 - 2015-09-29 18:30 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Einige Dateien in TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzv2bai.dll
C:\Users\Fabian\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Fabian\AppData\Local\Temp\Sony dcr dvd106 driver wi__10924_i1683836682_il768469.exe
C:\Users\Fabian\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-29 18:16

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Fabian (2015-09-29 20:06:04)
Gestartet von C:\Users\Fabian\Downloads
Windows 8.1 (X64) (2014-09-19 09:08:18)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2678595623-4148133582-4009595467-500 - Administrator - Disabled) => C:\Users\Administrator
Fabian (S-1-5-21-2678595623-4148133582-4009595467-1001 - Administrator - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-2678595623-4148133582-4009595467-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2678595623-4148133582-4009595467-1005 - Limited - Enabled)
Weltklasse (S-1-5-21-2678595623-4148133582-4009595467-1003 - Administrator - Enabled) => C:\Users\Weltklasse

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD Catalyst Install Manager (HKLM\...\{D1FE6D8B-E5EE-5205-3E53-CDA000257D99}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Carambis Driver Updater (HKLM-x32\...\Driver Updater) (Version: 2.0.0.6003 - MEDIA FOG LTD)
CinePlus-1.44V29.09 (HKLM-x32\...\CinePlus-1.44V29.09) (Version: 1.36.01.22 - CinePlus-1.44V29.09) <==== ACHTUNG
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
DV Studio3 (HKLM-x32\...\{5DF68560-292A-11D5-99D1-00010256D40E}) (Version: - )
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.2 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.2 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
SD Viewer (HKLM-x32\...\{09CF19F8-4552-11D5-99D1-00010256D40E}) (Version: - )
Self-Service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SpeedAnalysis.com (HKLM-x32\...\SpeedAnalysis.com) (Version: 1.0.0.1 - SpeedAnalysis.com) <==== ACHTUNG
Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.0.0 - Synaptics Incorporated)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.179 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
Update for Open It! - Zip Extractor (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\DSite) (Version: - ) <==== ACHTUNG
User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Zip Opener Packages (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Zip Opener Packages) (Version: - ) <==== ACHTUNG
ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.118.000 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.28.13 - Check Point Software Technologies LTD)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Wiederherstellungspunkte =========================

09-09-2015 03:59:46 Windows Update
20-09-2015 21:34:06 Geplanter Prüfpunkt
29-09-2015 09:33:13 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-09-06 12:54 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04B6B6E1-A935-4981-869F-0B965A4C467B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {0554DCE7-9957-421D-B877-FC50D04AEF53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {0675AED6-6D32-4617-A286-712207A91E8B} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0CF1088D-8B82-49BF-A2DD-18E55392041A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {26D9AD83-5FD7-4EF7-BEED-867743CEA15D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001Core => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-26] (Facebook Inc.)
Task: {3AF07318-F42E-400E-B0C2-073B34BAB0BE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-30] (Microsoft Corporation)
Task: {4E579C2F-5DEC-4BD2-901A-5B354F360654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {56C66FE2-F5CB-49C4-A7F1-7481FE48FC4D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {5E9A02CE-1C23-429F-8696-9DB79B87198C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {67B75DFF-32FA-41DE-9AB9-8BF5004502F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {6D635B4B-D8F2-4218-AAFC-178FF18E5C99} - System32\Tasks\SUPatchForW10Up => %programdata%\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Task: {7765C541-1D1A-452D-A647-54DE5308D80B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {972B1E71-9351-439F-A484-C2D370408FB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-30] (Microsoft Corporation)
Task: {98031C1D-C9D1-4B59-A7A4-049CE31DC7BD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001UA => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-26] (Facebook Inc.)
Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {9F108CA9-D542-46ED-B3FE-774E6A110EDF} - System32\Tasks\MZhXnKSOZpeGB0VKC0d => C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe [2015-04-20] () <==== ACHTUNG
Task: {A5CD3962-2EE4-471D-83F7-A9F92FBDD405} - System32\Tasks\5naU0BRS17ZiL => C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe [2015-04-20] () <==== ACHTUNG
Task: {ABBD97C8-8221-4017-8D4A-410AF50B65FF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-12-10] (TuneUp Software)
Task: {ADB850B7-CEF6-4B75-9869-796725C67467} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-30] (Microsoft Corporation)
Task: {BA8FC497-0083-4A59-BB62-427673047967} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-29] (Dropbox, Inc.)
Task: {BFB41CCF-9E0B-4A28-9741-CD62AF36DBD7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-29] (Dropbox, Inc.)
Task: {C8B32519-3B74-4EC6-913D-7B7350B87631} - System32\Tasks\{CC4E6D00-A58A-4177-A897-466DF1DB4AB2} => pcalua.exe -a "C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages\uninstaller.exe" -c /Uninstall /NM="Open It! - Zip Extractor Packages" /AN="" /MBN="Open It! - Zip Extractor Packages"
Task: {F886FD86-0C6C-4CA3-B71C-4F8A7E9B6E17} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-12-16] (SEC)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\5naU0BRS17ZiL.job => C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001Core.job => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001UA.job => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job => C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-03-30 22:35 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-30 22:35 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-09-29 17:29 - 2015-09-29 17:29 - 00303616 _____ () C:\Users\Fabian\AppData\Local\A2F8EA6C-1443547698-E211-83C6-B888E3FC2648\snstAD49.tmp
2015-09-29 17:27 - 2015-09-29 17:27 - 00203776 _____ () C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648\hnsfFFD3.tmp
2015-09-25 09:32 - 2015-09-25 09:32 - 00268520 _____ () C:\Program Files (x86)\RayDld\ihpmServer.exe
2015-09-29 17:27 - 2015-09-29 17:27 - 00181760 _____ () C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648\jnsoD5B4.tmp
2013-12-10 19:45 - 2013-12-10 19:45 - 00753464 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-09-29 15:56 - 2015-09-29 15:56 - 00445952 _____ () C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648\knswAA0A.tmpfs
2015-09-29 17:48 - 2015-09-28 18:46 - 03324560 _____ () C:\Users\Fabian\AppData\Local\gmsd_de_005010100\upgmsd_de_005010100.exe
2014-10-29 17:19 - 2014-10-29 17:19 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-10-31 21:57 - 2012-10-31 21:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 21:52 - 2012-10-31 21:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 21:55 - 2012-10-31 21:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 21:57 - 2012-10-31 21:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-09-23 02:35 - 2015-09-23 02:35 - 01423680 ____N () C:\Windows\System32\cpm.exe
2015-09-29 17:48 - 2015-09-28 18:46 - 03982480 _____ () C:\Program Files (x86)\gmsd_de_005010100\gmsd_de_005010100.exe
2015-09-29 18:34 - 2015-09-29 13:56 - 03978384 _____ () C:\Program Files (x86)\gmsd_de_005010101\gmsd_de_005010101.exe
2015-09-29 18:34 - 2015-09-29 18:34 - 00228667 ____N () C:\Users\Fabian\AppData\Local\Temp\nswE0C6.tmp
2015-09-29 17:35 - 2012-01-16 22:06 - 00577621 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 17:50 - 2012-09-05 17:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-01-03 13:38 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-09-29 18:01 - 2015-09-29 18:01 - 00071168 _____ () c:\users\fabian\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzv2bai.dll
2015-09-29 13:04 - 2015-09-03 01:03 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-09-29 13:04 - 2015-09-03 01:03 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-29 13:04 - 2015-09-03 01:03 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-29 13:04 - 2015-09-03 01:03 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2014-10-24 11:53 - 2014-10-24 11:53 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2015-09-29 18:34 - 2015-09-29 18:34 - 00011264 _____ () C:\Users\Fabian\AppData\Local\Temp\nskFD5.tmp\System.dll
2015-09-29 18:34 - 2015-09-29 18:34 - 00009728 _____ () C:\Users\Fabian\AppData\Local\Temp\nskFD5.tmp\nsDialogs.dll
2015-09-29 18:34 - 2015-09-29 18:34 - 00025088 _____ () C:\Users\Fabian\AppData\Local\Temp\nskFD5.tmp\registry.dll
2015-09-29 18:34 - 2015-09-29 18:34 - 00067584 _____ () C:\Users\Fabian\AppData\Local\Temp\nskFD5.tmp\Math.dll
2015-09-29 18:35 - 2015-09-29 18:35 - 00058368 ____N () C:\Users\Fabian\AppData\Local\Temp\nskFD5.tmp\nsCBHTML5.dll
2015-09-29 18:35 - 2015-09-29 18:35 - 00011264 _____ () C:\Users\Fabian\AppData\Local\Temp\nsc2C62.tmp\System.dll
2015-09-29 18:51 - 2015-09-29 18:51 - 00042496 _____ () C:\Users\Fabian\AppData\Local\Temp\nsc2C62.tmp\ProcessKiller.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Fabian\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "ISW"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CCEC2687-B896-4148-AB21-C44B43B3DFEC}] => (Allow) C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{53CBF2FC-5CD0-4322-BCC2-928D7E3E6E14}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{DCF7A183-488F-4DD4-8042-68E110CBC77A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{ABB16930-BD84-49D6-97A7-E35376951EF8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7DA4BE13-A71B-4375-ADB0-C9E3A4ECAC08}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C5FE278E-D9A9-4A66-87BD-F1411EACF024}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F0538CD0-A869-4CCD-9EE3-05CEADCAEF4E}] => (Allow) LPort=1900
FirewallRules: [{570194D2-4649-4F96-B6A0-27C403EE568E}] => (Allow) LPort=2869
FirewallRules: [{3209939F-6182-41C3-B2B0-30D075FA997E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{81F44DA5-CF3F-47E9-8133-51B5FBA0EB2B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{203F441B-153E-4B26-89A0-0CE580DB9C5A}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{C88907CC-D78B-4ACF-B86C-5EE1520E3286}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{587B288B-72CE-4813-8F3E-EAF0F91C34F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1483A208-B4DC-48FA-B467-B7FA478A9F16}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{80ABDF25-E148-4913-88F8-244BB75D0E69}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{82B12C4B-4534-4582-96A1-366904403825}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2CDE42C8-4A7D-4117-9AF7-4D67785E8075}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9795B058-5CAA-41D0-BC34-C6BDDDFA623A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8BAC6E8E-617E-4951-94F7-EBB57EE3F051}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D520EE0F-474E-4E14-92B8-D32FC71B538A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{80E2CB57-B033-4420-8553-11F29586898C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CB9AF74A-4808-4C75-902E-060E5D58068A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FA214E37-652E-4435-9C4F-5564E0C03625}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2D3FB84-D182-4A5B-AE7B-D68D97BF1BA3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9F68CE6A-908E-4600-AD82-11B1B6C9C5FF}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/29/2015 08:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x741bca20
ID des fehlerhaften Prozesses: 0x15b4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2
Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5
Error: (09/29/2015 08:03:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x03935ce0
ID des fehlerhaften Prozesses: 0x15b4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2
Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5
Error: (09/29/2015 08:01:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (09/29/2015 07:35:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x741bca20
ID des fehlerhaften Prozesses: 0x17b8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2
Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5
Error: (09/29/2015 07:35:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x02535ce0
ID des fehlerhaften Prozesses: 0x17b8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2
Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5
Error: (09/29/2015 06:33:25 PM) (Source: MsiInstaller) (EventID: 11316) (User: FABUS)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (09/29/2015 06:05:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Uninstall_PCSpeedUp.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1124
Startzeit: 01d0fad078e53a2a
Endzeit: 4294967295
Anwendungspfad: C:\Users\Fabian\AppData\Local\Temp\is-0H48G.tmp\Uninstall_PCSpeedUp.tmp
Berichts-ID: e6bfca80-66c3-11e5-bf7c-b888e3fc2648
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/29/2015 06:05:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gentlemjmp_ieu.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17b0
Startzeit: 01d0fad06552a9c5
Endzeit: 4294967295
Anwendungspfad: C:\Users\Fabian\AppData\Local\Temp\is-34449.tmp\gentlemjmp_ieu.tmp
Berichts-ID: de29bc4d-66c3-11e5-bf7c-b888e3fc2648
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/29/2015 06:05:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (09/29/2015 05:58:31 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Systemfehler:
=============
Error: (09/29/2015 05:58:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.09.2015 um 17:38:22 unerwartet heruntergefahren.
Error: (09/29/2015 05:35:09 PM) (Source: DCOM) (EventID: 10010) (User: FABUS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (09/29/2015 05:35:09 PM) (Source: DCOM) (EventID: 10010) (User: FABUS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (09/29/2015 05:24:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ihpmServer" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (09/28/2015 08:12:57 PM) (Source: DCOM) (EventID: 10010) (User: FABUS)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
Error: (09/28/2015 08:09:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.09.2015 um 15:46:30 unerwartet heruntergefahren.
Error: (09/23/2015 03:44:54 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (09/23/2015 12:59:29 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (09/23/2015 10:26:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.09.2015 um 23:18:23 unerwartet heruntergefahren.
Error: (09/22/2015 10:37:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
CodeIntegrity: =================================== Date: 2015-09-29 17:57:50.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-29 17:38:10.550 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 20:09:27.785 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-23 10:26:07.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-15 13:23:00.096 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-09-15 12:13:40.580 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-13 11:30:56.488 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-06 12:48:46.473 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 29% Installierter physikalischer RAM: 8083.44 MB Verfügbarer physikalischer RAM: 5703.51 MB Summe virtueller Speicher: 16787.45 MB Verfügbarer virtueller Speicher: 12892.47 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:673.3 GB) (Free:567.98 GB) NTFS Drive d: () (Removable) (Total:0.98 GB) (Free:0.41 GB) FAT ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 4F494D44) Partition: GPT. ======================================================== Disk: 1 (Size: 1007.3 MB) (Disk ID: 6F20736B) No partition Table on disk 1. 
Disk 1 is a removable device. ==================== Ende von Addition.txt ============================ |
29.09.2015, 19:21 | #4 |
| TDSS-Killer log file
Code:
20:09:09.0159 0x09e0 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
20:09:09.0159 0x09e0 UEFI system
20:10:08.0303 0x09e0 ============================================================
20:10:08.0303 0x09e0 Current date / time: 2015/09/29 20:10:08.0303
20:10:08.0303 0x09e0 SystemInfo:
20:10:08.0303 0x09e0
20:10:08.0303 0x09e0 OS Version: 6.3.9600 ServicePack: 0.0
20:10:08.0303 0x09e0 Product type: Workstation
20:10:08.0303 0x09e0 ComputerName: FABUS
20:10:08.0303 0x09e0 UserName: Fabian
20:10:08.0303 0x09e0 Windows directory: C:\WINDOWS
20:10:08.0303 0x09e0 System windows directory: C:\WINDOWS
20:10:08.0303 0x09e0 Running under WOW64
20:10:08.0303 0x09e0 Processor architecture: Intel x64
20:10:08.0303 0x09e0 Number of processors: 4
20:10:08.0303 0x09e0 Page size: 0x1000
20:10:08.0303 0x09e0 Boot type: Normal boot
20:10:08.0303 0x09e0 ============================================================
20:10:10.0094 0x09e0 KLMD registered as C:\WINDOWS\system32\drivers\01397281.sys
20:10:16.0250 0x09e0 System UUID: {CB8F8DAD-1A33-8DFD-B706-9884A117CC61}
20:10:17.0245 0x09e0 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:17.0248 0x09e0 Drive \Device\Harddisk1\DR1 - Size: 0x3EF40000 ( 0.98 Gb ), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:10:17.0249 0x09e0 ============================================================
20:10:17.0249 0x09e0 \Device\Harddisk0\DR0:
20:10:17.0249 0x09e0 GPT partitions:
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {773D8363-07B0-45BE-B93F-34B4BFC98DDD}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0AB4B6FC-A86D-438E-8697-47DDF9BD36C9}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x96000
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B8131779-5D35-4BCE-A0D3-378A0B9CDA7C}, Name: Microsoft reserved partition, StartLBA 0x190800, BlocksNum 0x40000
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96E8B7EC-9EFE-4EEE-BDD8-272A4F448C84}, Name: Basic data partition, StartLBA 0x1D0800, BlocksNum 0x54298800
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {48EEC500-8CBE-47FF-BF4B-CADD7A6480FE}, Name: , StartLBA 0x54469000, BlocksNum 0xE1000
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4153B478-E7E8-4309-9905-06561AA031F2}, Name: Basic data partition, StartLBA 0x5454A000, BlocksNum 0x2DFC000
20:10:17.0250 0x09e0 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {329F1834-D5A5-4A48-4173-636C65706975}, Name: Basic data partition, StartLBA 0x57346000, BlocksNum 0x200000
20:10:17.0250 0x09e0 MBR partitions:
20:10:17.0250 0x09e0 \Device\Harddisk1\DR1:
20:10:17.0251 0x09e0 MBR partitions:
20:10:17.0251 0x09e0 ============================================================
20:10:17.0272 0x09e0 C: <-> \Device\Harddisk0\DR0\Partition4
20:10:17.0272 0x09e0 ============================================================
20:10:17.0272 0x09e0 Initialize success
20:10:17.0272 0x09e0 ============================================================
20:11:38.0205 0x1744 ============================================================
20:11:38.0205 0x1744 Scan started
20:11:38.0205 0x1744 Mode: Manual; SigCheck; TDLFS;
20:11:38.0205 0x1744 ============================================================
20:11:38.0205 0x1744 KSN ping started
20:11:40.0731 0x1744 KSN ping finished: true
20:11:43.0646 0x1744 ================ Scan system memory ========================
20:11:43.0646 0x1744 System memory - ok
20:11:43.0646 0x1744 ================ Scan services =============================
C:\WINDOWS\System32\drivers\HDAudBus.sys 20:11:53.0771 0x1744 HDAudBus - ok 20:11:53.0793 0x1744 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 20:11:53.0800 0x1744 HidBatt - ok 20:11:53.0821 0x1744 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 20:11:53.0830 0x1744 HidBth - ok 20:11:53.0850 0x1744 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 20:11:53.0861 0x1744 hidi2c - ok 20:11:53.0891 0x1744 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 20:11:53.0900 0x1744 HidIr - ok 20:11:53.0917 0x1744 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll 20:11:53.0928 0x1744 hidserv - ok 20:11:53.0956 0x1744 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 20:11:53.0964 0x1744 HidUsb - ok 20:11:53.0996 0x1744 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 20:11:54.0011 0x1744 hkmsvc - ok 20:11:54.0046 0x1744 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 20:11:54.0061 0x1744 HomeGroupListener - ok 20:11:54.0108 0x1744 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 20:11:54.0123 0x1744 HomeGroupProvider - ok 20:11:54.0152 0x1744 [ A6AACEA4C785789BDA5912AD1FEDA80D, 
D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 20:11:54.0160 0x1744 HpSAMD - ok 20:11:54.0215 0x1744 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 20:11:54.0246 0x1744 HTTP - ok 20:11:54.0251 0x1744 huawei_enumerator - ok 20:11:54.0255 0x1744 hwdatacard - ok 20:11:54.0284 0x1744 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 20:11:54.0293 0x1744 hwpolicy - ok 20:11:54.0322 0x1744 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 20:11:54.0332 0x1744 hyperkbd - ok 20:11:54.0339 0x1744 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 20:11:54.0349 0x1744 HyperVideo - ok 20:11:54.0374 0x1744 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 20:11:54.0386 0x1744 i8042prt - ok 20:11:54.0416 0x1744 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 20:11:54.0424 0x1744 iaLPSSi_GPIO - ok 20:11:54.0433 0x1744 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 20:11:54.0441 0x1744 iaLPSSi_I2C - ok 20:11:54.0481 0x1744 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 20:11:54.0500 0x1744 iaStorA - ok 20:11:54.0549 0x1744 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 
20:11:54.0634 0x1744 [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:11:54.0636 0x1744 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:11:57.0139 0x1744 Detect skipped due to KSN trusted
20:11:57.0139 0x1744 IAStorDataMgrSvc - ok
C:\WINDOWS\System32\drivers\processr.sys 20:12:03.0263 0x1744 Processor - ok 20:12:03.0293 0x1744 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll 20:12:03.0308 0x1744 ProfSvc - ok 20:12:03.0341 0x1744 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys 20:12:03.0350 0x1744 Psched - ok 20:12:03.0385 0x1744 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll 20:12:03.0397 0x1744 QWAVE - ok 20:12:03.0421 0x1744 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys 20:12:03.0429 0x1744 QWAVEdrv - ok 20:12:03.0453 0x1744 [ 194ED3C117525613E701FF257882303E, F9D771B573078C6335F352812E24918CB79529BAE2262117E8E0DD4C57AA64C1 ] RadioHIDMini C:\WINDOWS\System32\drivers\RadioHIDMini.sys 20:12:03.0458 0x1744 RadioHIDMini - detected UnsignedFile.Multi.Generic ( 1 ) 20:12:05.0931 0x1744 Detect skipped due to KSN trusted 20:12:05.0931 0x1744 RadioHIDMini - ok 20:12:05.0960 0x1744 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:12:05.0968 0x1744 RasAcd - ok 20:12:06.0002 0x1744 [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys 20:12:06.0012 0x1744 RasAgileVpn - ok 20:12:06.0034 0x1744 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:12:06.0047 0x1744 RasAuto - ok 20:12:06.0059 0x1744 [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp 
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:12:06.0070 0x1744 Rasl2tp - ok 20:12:06.0109 0x1744 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:12:06.0128 0x1744 RasMan - ok 20:12:06.0146 0x1744 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:12:06.0159 0x1744 RasPppoe - ok 20:12:06.0196 0x1744 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys 20:12:06.0205 0x1744 RasSstp - ok 20:12:06.0242 0x1744 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:12:06.0259 0x1744 rdbss - ok 20:12:06.0296 0x1744 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys 20:12:06.0315 0x1744 rdpbus - ok 20:12:06.0331 0x1744 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 20:12:06.0343 0x1744 RDPDR - ok 20:12:06.0372 0x1744 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys 20:12:06.0382 0x1744 RdpVideoMiniport - ok 20:12:06.0400 0x1744 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 20:12:06.0413 0x1744 rdyboost - ok 20:12:06.0462 0x1744 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys 20:12:06.0496 0x1744 ReFS - ok 20:12:06.0531 0x1744 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 
2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:12:06.0543 0x1744 RemoteAccess - ok 20:12:06.0564 0x1744 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:12:06.0574 0x1744 RemoteRegistry - ok 20:12:06.0603 0x1744 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys 20:12:06.0613 0x1744 RFCOMM - ok 20:12:06.0635 0x1744 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 20:12:06.0645 0x1744 RpcEptMapper - ok 20:12:06.0668 0x1744 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe 20:12:06.0678 0x1744 RpcLocator - ok 20:12:06.0732 0x1744 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:12:06.0759 0x1744 RpcSs - ok 20:12:06.0793 0x1744 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys 20:12:06.0803 0x1744 rspndr - ok 20:12:06.0839 0x1744 [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR C:\WINDOWS\System32\Drivers\RtsUVStor.sys 20:12:06.0849 0x1744 RSUSBVSTOR - ok 20:12:06.0883 0x1744 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys 20:12:06.0904 0x1744 RTL8168 - ok 20:12:06.0934 0x1744 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 20:12:06.0942 0x1744 s3cap - ok 
20:12:06.0961 0x1744 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe 20:12:06.0970 0x1744 SamSs - ok 20:12:07.0002 0x1744 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 20:12:07.0012 0x1744 sbp2port - ok 20:12:07.0046 0x1744 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 20:12:07.0058 0x1744 SCardSvr - ok 20:12:07.0084 0x1744 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 20:12:07.0095 0x1744 ScDeviceEnum - ok 20:12:07.0128 0x1744 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 20:12:07.0136 0x1744 scfilter - ok 20:12:07.0191 0x1744 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:12:07.0224 0x1744 Schedule - ok 20:12:07.0257 0x1744 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 20:12:07.0270 0x1744 SCPolicySvc - ok 20:12:07.0298 0x1744 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys 20:12:07.0312 0x1744 sdbus - ok 20:12:07.0343 0x1744 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 20:12:07.0353 0x1744 sdstor - ok 20:12:07.0381 0x1744 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv 
C:\WINDOWS\system32\drivers\secdrv.sys 20:12:07.0401 0x1744 secdrv - ok 20:12:07.0412 0x1744 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll 20:12:07.0424 0x1744 seclogon - ok 20:12:07.0452 0x1744 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll 20:12:07.0462 0x1744 SENS - ok 20:12:07.0489 0x1744 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 20:12:07.0501 0x1744 SensrSvc - ok 20:12:07.0517 0x1744 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 20:12:07.0525 0x1744 SerCx - ok 20:12:07.0540 0x1744 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 20:12:07.0551 0x1744 SerCx2 - ok 20:12:07.0577 0x1744 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 20:12:07.0585 0x1744 Serenum - ok 20:12:07.0599 0x1744 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys 20:12:07.0608 0x1744 Serial - ok 20:12:07.0628 0x1744 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 20:12:07.0637 0x1744 sermouse - ok 20:12:07.0680 0x1744 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll 20:12:07.0695 0x1744 SessionEnv - ok 20:12:07.0723 0x1744 [ 472B7A5AC181C050888DB454663DD764, 
C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 20:12:07.0732 0x1744 sfloppy - ok 20:12:07.0785 0x1744 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:12:07.0802 0x1744 SharedAccess - ok 20:12:07.0858 0x1744 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:12:07.0878 0x1744 ShellHWDetection - ok 20:12:07.0912 0x1744 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 20:12:07.0920 0x1744 SiSRaid2 - ok 20:12:07.0931 0x1744 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 20:12:07.0944 0x1744 SiSRaid4 - ok 20:12:07.0996 0x1744 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:12:08.0012 0x1744 SkypeUpdate - ok 20:12:08.0046 0x1744 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll 20:12:08.0057 0x1744 smphost - ok 20:12:08.0080 0x1744 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 20:12:08.0088 0x1744 SNMPTRAP - ok 20:12:08.0126 0x1744 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 20:12:08.0142 0x1744 spaceport - ok 20:12:08.0168 0x1744 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 
20:12:08.0179 0x1744 SpbCx - ok 20:12:08.0232 0x1744 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe 20:12:08.0258 0x1744 Spooler - ok 20:12:08.0449 0x1744 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe 20:12:08.0614 0x1744 sppsvc - ok 20:12:08.0656 0x1744 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:12:08.0670 0x1744 srv - ok 20:12:08.0709 0x1744 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 20:12:08.0743 0x1744 srv2 - ok 20:12:08.0770 0x1744 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 20:12:08.0782 0x1744 srvnet - ok 20:12:08.0824 0x1744 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:12:08.0840 0x1744 SSDPSRV - ok 20:12:08.0870 0x1744 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 20:12:08.0883 0x1744 SstpSvc - ok 20:12:08.0917 0x1744 [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 20:12:08.0926 0x1744 ssudmdm - ok 20:12:08.0958 0x1744 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 20:12:08.0965 0x1744 stexstor - ok 20:12:09.0013 0x1744 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll 
20:12:09.0036 0x1744 stisvc - ok 20:12:09.0055 0x1744 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 20:12:09.0066 0x1744 storahci - ok 20:12:09.0093 0x1744 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 20:12:09.0102 0x1744 storflt - ok 20:12:09.0139 0x1744 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 20:12:09.0148 0x1744 stornvme - ok 20:12:09.0173 0x1744 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll 20:12:09.0184 0x1744 StorSvc - ok 20:12:09.0210 0x1744 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 20:12:09.0219 0x1744 storvsc - ok 20:12:09.0253 0x1744 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll 20:12:09.0265 0x1744 svsvc - ok 20:12:09.0286 0x1744 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys 20:12:09.0295 0x1744 swenum - ok 20:12:09.0345 0x1744 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll 20:12:09.0369 0x1744 swprv - ok 20:12:09.0428 0x1744 SWUpdateService - ok 20:12:09.0459 0x1744 [ 092506B413EA5CCA425B31DCC776D2DC, D9DAB4299657BFD7F176C94F988FD8359E2CE62071457AF5F7EF3722FD3EC0A8 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 20:12:09.0473 0x1744 SynTP - ok 20:12:09.0534 0x1744 [ 7E85DB0463AD2403AE84AD162B162279, 
996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll 20:12:09.0567 0x1744 SysMain - ok 20:12:09.0591 0x1744 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 20:12:09.0607 0x1744 SystemEventsBroker - ok 20:12:09.0642 0x1744 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 20:12:09.0653 0x1744 TabletInputService - ok 20:12:09.0686 0x1744 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:12:09.0701 0x1744 TapiSrv - ok 20:12:09.0778 0x1744 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 20:12:09.0845 0x1744 Tcpip - ok 20:12:09.0899 0x1744 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:12:09.0963 0x1744 TCPIP6 - ok 20:12:10.0003 0x1744 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 20:12:10.0011 0x1744 tcpipreg - ok 20:12:10.0051 0x1744 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 20:12:10.0061 0x1744 tdx - ok 20:12:10.0098 0x1744 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 20:12:10.0107 0x1744 terminpt - ok 20:12:10.0171 0x1744 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll 20:12:10.0201 0x1744 
TermService - ok 20:12:10.0225 0x1744 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll 20:12:10.0238 0x1744 Themes - ok 20:12:10.0258 0x1744 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll 20:12:10.0269 0x1744 THREADORDER - ok 20:12:10.0313 0x1744 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 20:12:10.0327 0x1744 TimeBroker - ok 20:12:10.0350 0x1744 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys 20:12:10.0362 0x1744 TPM - ok 20:12:10.0386 0x1744 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll 20:12:10.0396 0x1744 TrkWks - ok 20:12:10.0437 0x1744 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 20:12:10.0447 0x1744 TrustedInstaller - ok 20:12:10.0464 0x1744 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 20:12:10.0472 0x1744 TsUsbFlt - ok 20:12:10.0502 0x1744 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 20:12:10.0511 0x1744 TsUsbGD - ok 20:12:10.0646 0x1744 [ 77334CAE68DA54F69CF2F5347092E081, C7D0EF5D49C68DFCFE44F702357F410223A685D87B6F95C9A488082C391CE330 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe 20:12:10.0695 0x1744 TuneUp.UtilitiesSvc - ok 20:12:10.0719 0x1744 [ 7BC3381C0713F613B31ACDE38B71CB53, 
275A6CB6A6157270C35FD7D6213D0D99030AEE5AE852E0D929CBE879C63FAB2F ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys 20:12:10.0724 0x1744 TuneUpUtilitiesDrv - ok 20:12:10.0756 0x1744 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 20:12:10.0768 0x1744 tunnel - ok 20:12:10.0800 0x1744 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys 20:12:10.0808 0x1744 uagp35 - ok 20:12:10.0824 0x1744 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 20:12:10.0832 0x1744 UASPStor - ok 20:12:10.0851 0x1744 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys 20:12:10.0862 0x1744 UCX01000 - ok 20:12:10.0895 0x1744 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 20:12:10.0910 0x1744 udfs - ok 20:12:10.0940 0x1744 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 20:12:10.0947 0x1744 UEFI - ok 20:12:10.0983 0x1744 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 20:12:10.0992 0x1744 UI0Detect - ok 20:12:11.0021 0x1744 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 20:12:11.0030 0x1744 uliagpkx - ok 20:12:11.0041 0x1744 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus 
C:\WINDOWS\System32\drivers\umbus.sys 20:12:11.0050 0x1744 umbus - ok 20:12:11.0064 0x1744 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 20:12:11.0073 0x1744 UmPass - ok 20:12:11.0107 0x1744 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 20:12:11.0121 0x1744 UmRdpService - ok 20:12:11.0168 0x1744 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:12:11.0185 0x1744 upnphost - ok 20:12:11.0222 0x1744 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 20:12:11.0233 0x1744 usbccgp - ok 20:12:11.0262 0x1744 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 20:12:11.0271 0x1744 usbcir - ok 20:12:11.0298 0x1744 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 20:12:11.0308 0x1744 usbehci - ok 20:12:11.0347 0x1744 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 20:12:11.0365 0x1744 usbhub - ok 20:12:11.0411 0x1744 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 20:12:11.0428 0x1744 USBHUB3 - ok 20:12:11.0482 0x1744 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 20:12:11.0489 0x1744 usbohci - ok 20:12:11.0512 0x1744 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 
3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 20:12:11.0520 0x1744 usbprint - ok 20:12:11.0545 0x1744 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 20:12:11.0557 0x1744 USBSTOR - ok 20:12:11.0564 0x1744 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 20:12:11.0572 0x1744 usbuhci - ok 20:12:11.0600 0x1744 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 20:12:11.0611 0x1744 usbvideo - ok 20:12:11.0643 0x1744 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 20:12:11.0656 0x1744 USBXHCI - ok 20:12:11.0668 0x1744 [ 8BECC6BBB746523C9ADF547249012402, 134052B4141BF68416CB422A407E2352B4AA373F75E88BCD48E3E80AE8E914F1 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll 20:12:11.0674 0x1744 UxTuneUp - ok 20:12:11.0683 0x1744 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe 20:12:11.0694 0x1744 VaultSvc - ok 20:12:11.0730 0x1744 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 20:12:11.0739 0x1744 vdrvroot - ok 20:12:11.0799 0x1744 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe 20:12:11.0833 0x1744 vds - ok 20:12:11.0877 0x1744 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 20:12:11.0888 0x1744 VerifierExt - ok 
20:12:11.0959 0x1744 [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 20:12:11.0979 0x1744 vhdmp - ok 20:12:12.0007 0x1744 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys 20:12:12.0017 0x1744 viaide - ok 20:12:12.0033 0x1744 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 20:12:12.0041 0x1744 vmbus - ok 20:12:12.0068 0x1744 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 20:12:12.0078 0x1744 VMBusHID - ok 20:12:12.0120 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll 20:12:12.0141 0x1744 vmicguestinterface - ok 20:12:12.0156 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll 20:12:12.0173 0x1744 vmicheartbeat - ok 20:12:12.0190 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll 20:12:12.0207 0x1744 vmickvpexchange - ok 20:12:12.0221 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll 20:12:12.0240 0x1744 vmicrdv - ok 20:12:12.0253 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll 20:12:12.0274 0x1744 vmicshutdown - ok 20:12:12.0287 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync 
C:\WINDOWS\System32\ICSvc.dll 20:12:12.0305 0x1744 vmictimesync - ok 20:12:12.0318 0x1744 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll 20:12:12.0337 0x1744 vmicvss - ok 20:12:12.0366 0x1744 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 20:12:12.0374 0x1744 volmgr - ok 20:12:12.0385 0x1744 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 20:12:12.0400 0x1744 volmgrx - ok 20:12:12.0422 0x1744 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 20:12:12.0438 0x1744 volsnap - ok 20:12:12.0462 0x1744 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 20:12:12.0472 0x1744 vpci - ok 20:12:12.0510 0x1744 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 20:12:12.0523 0x1744 vsmraid - ok 20:12:12.0582 0x1744 [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\WINDOWS\system32\vssvc.exe 20:12:12.0620 0x1744 VSS - ok 20:12:12.0657 0x1744 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 20:12:12.0670 0x1744 VSTXRAID - ok 20:12:12.0723 0x1744 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 20:12:12.0730 0x1744 vwifibus - ok 20:12:12.0762 0x1744 [ 35BF5C5F5E3C9902C98978C7640574DA, 
C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys 20:12:12.0785 0x1744 vwififlt - ok 20:12:12.0810 0x1744 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys 20:12:12.0818 0x1744 vwifimp - ok 20:12:12.0856 0x1744 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll 20:12:12.0873 0x1744 W32Time - ok 20:12:12.0883 0x1744 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 20:12:12.0892 0x1744 WacomPen - ok 20:12:12.0917 0x1744 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:12:12.0927 0x1744 Wanarp - ok 20:12:12.0932 0x1744 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:12:12.0940 0x1744 Wanarpv6 - ok 20:12:12.0999 0x1744 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe 20:12:13.0037 0x1744 wbengine - ok 20:12:13.0073 0x1744 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 20:12:13.0090 0x1744 WbioSrvc - ok 20:12:13.0112 0x1744 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 20:12:13.0129 0x1744 Wcmsvc - ok 20:12:13.0169 0x1744 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 20:12:13.0185 0x1744 wcncsvc - ok 20:12:13.0214 0x1744 [ 
20:12:25.0026 0x1744 RemoteControl10 - ok 20:12:25.0066 0x1744 [ 61C6C887A22065A630E46820BA6B8940, A08FA9DA790E8B8A8D8DF1D3CC040773AA5315C1EA3F8C37BFBCDA475ED2453B ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe 20:12:25.0079 0x1744 ConnectionCenter - ok 20:12:25.0111 0x1744 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 20:12:25.0118 0x1744 APSDaemon - ok 20:12:25.0190 0x1744 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe 20:12:25.0201 0x1744 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 20:12:27.0706 0x1744 Detect skipped due to KSN trusted 20:12:27.0706 0x1744 QuickTime Task - ok 20:12:27.0798 0x1744 [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 20:12:27.0821 0x1744 StartCCC - ok 20:12:27.0872 0x1744 Dropbox - ok 20:12:27.0921 0x1744 upgmsd_de_005010101.exe - ok 20:12:28.0042 0x1744 [ 70E4C176B99906958D2D8A98963EF9B6, 2577AB95C58513932294B4389C4F7B212AC9B41F10BD4DACFC8C0131F6B4B94B ] C:\Users\Fabian\AppData\Local\gmsd_de_005010100\upgmsd_de_005010100.exe 20:12:28.0092 0x1744 Suspicious file ( Forged ): C:\Users\Fabian\AppData\Local\gmsd_de_005010100\upgmsd_de_005010100.exe. 
Real md5: 70E4C176B99906958D2D8A98963EF9B6, sha256: 2577AB95C58513932294B4389C4F7B212AC9B41F10BD4DACFC8C0131F6B4B94B, fake md5: 32F72289F9B2585CBFE6A057FBB55A1F, fake sha256: 607373CE8F74ED14C342984D9F779156E662CE6D1B274BD4C880541ED205BA71 20:12:28.0094 0x1744 upgmsd_de_005010100.exe - detected ForgedFile.Multi.Generic ( 1 ) 20:12:30.0630 0x1744 upgmsd_de_005010100.exe ( ForgedFile.Multi.Generic ) - warning 20:12:33.0186 0x1744 [ A994A921E954BA55BEA4CC8767F64E0F, 06883BE86BD7A13A33802166874096E00903732B8EB53B715F8F72DDE0EC5668 ] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe 20:12:33.0191 0x1744 Malwarebytes Anti-Malware (cleanup) - ok 20:12:33.0233 0x1744 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 20:12:33.0240 0x1744 swg - ok 20:12:33.0264 0x1744 [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe 20:12:33.0271 0x1744 Facebook Update - ok 20:12:33.0333 0x1744 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe 20:12:33.0365 0x1744 WAB Migrate - ok 20:12:33.0377 0x1744 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 20:12:33.0382 0x1744 swg - ok 20:12:33.0408 0x1744 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe 20:12:33.0426 0x1744 WAB Migrate - ok 20:12:33.0427 0x1744 Waiting for KSN requests completion. In queue: 6 20:12:34.0428 0x1744 Waiting for KSN requests completion. In queue: 6 20:12:35.0429 0x1744 Waiting for KSN requests completion. 
In queue: 6 20:12:36.0436 0x1744 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated ) 20:12:36.0439 0x1744 Win FW state via NFP2: enabled ( trusted ) 20:12:38.0812 0x1744 ============================================================ 20:12:38.0812 0x1744 Scan finished 20:12:38.0812 0x1744 ============================================================ 20:12:38.0820 0x1bd8 Detected object count: 1 20:12:38.0820 0x1bd8 Actual detected object count: 1 20:12:50.0131 0x1bd8 upgmsd_de_005010100.exe ( ForgedFile.Multi.Generic ) - skipped by user 20:12:50.0131 0x1bd8 upgmsd_de_005010100.exe ( ForgedFile.Multi.Generic ) - User select action: Skip |
29.09.2015, 20:47 | #5 |
/// TB-Ausbilder | Windows 7/8: Caught Continue Live Installation (and more?) Hi there, you've got quite a lot of adware on your computer. That makes you my new favourite friend from now on. Let's start like this:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your security software to avoid possible conflicts.
Step 4
With your next reply, please post
|
29.09.2015, 22:37 | #6 |
| ADWCleaner log file Code:
# AdwCleaner v5.009 - Bericht erstellt am 29/09/2015 um 22:27:59
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-27.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Fabian - FABUS
# Gestartet von : C:\Users\Fabian\Downloads\AdwCleaner_5.009.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst Gelöscht : globalUpdate
[-] Dienst Gelöscht : globalUpdatem
[-] Dienst Gelöscht : pcsuservice
[-] Dienst Gelöscht : SCService
[-] Dienst Gelöscht : SSFK
[-] Dienst Gelöscht : WdsManPro
[-] Dienst Gelöscht : ihpmServer

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
[-] Ordner Gelöscht : C:\Program Files (x86)\pc speed up
[-] Ordner Gelöscht : C:\Program Files (x86)\predm
[-] Ordner Gelöscht : C:\Program Files (x86)\SpeedAnalysis.com
[-] Ordner Gelöscht : C:\Program Files (x86)\VideoPerformer
[-] Ordner Gelöscht : C:\Program Files (x86)\Check Point Software Technologies LTD
[-] Ordner Gelöscht : C:\Program Files (x86)\SFK
[-] Ordner Gelöscht : C:\Program Files (x86)\RayDld
[-] Ordner Gelöscht : C:\Program Files (x86)\A2F8EA6C-1443540423-E211-83C6-B888E3FC2648
[-] Ordner Gelöscht : C:\Program Files (x86)\CinePlus-1.44V29.09
[-] Ordner Gelöscht : C:\ProgramData\Babylon
[-] Ordner Gelöscht : C:\ProgramData\Tarma Installer
[-] Ordner Gelöscht : C:\ProgramData\1WdsManPro1
[-] Ordner Gelöscht : C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
[-] Ordner Gelöscht : C:\ProgramData\DatacardService
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Local\globalUpdate
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Local\A2F8EA6C-1443547698-E211-83C6-B888E3FC2648
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\Delta
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\DSite
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\PerformerSoft
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Check Point Software Technologies LTD
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\Extensions\128
[-] Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\Extensions\ffxtlbr@zonealarm.com
[!] Ordner Nicht Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\Extensions\128
[-] Ordner Gelöscht : C:\Users\Weltklasse\AppData\LocalLow\Delta
[-] Ordner Gelöscht : C:\Users\Weltklasse\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.ask.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.ask.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.yhs4.search.yahoo.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.yhs4.search.yahoo.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_photoscape.softonic.de_0.localstorage
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_photoscape.softonic.de_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\invalidprefs.js
[-] Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\searchplugins\zonealarm.xml
[-] Datei Gelöscht : C:\Users\Fabian\Desktop\Continue Live Installation.lnk
[-] Datei Gelöscht : C:\WINDOWS\Sysnative\cpuminer-conf.json

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

[-] Task Gelöscht : Adobe Flash Player Updater

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
[-] Wert Gelöscht : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Wert Gelöscht : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Wert Gelöscht : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Schlüssel Gelöscht : HKCU\Software\5e28d8db66eeb49
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\751ea961-5674-484d-9dc8-40229e5255be
[-] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
[-] Schlüssel Gelöscht : 
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14} [-] Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} [-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\IBUpdaterService [-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ [-] Schlüssel Gelöscht : HKCU\Software\APN PIP [-] Schlüssel Gelöscht : HKCU\Software\GlobalUpdate [-] Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions [-] Schlüssel Gelöscht : HKCU\Software\OCS [-] Schlüssel Gelöscht : HKCU\Software\Pokki [-] Schlüssel Gelöscht : HKCU\Software\Tutorials [-] Schlüssel Gelöscht : HKCU\Software\CrossBrowser [-] Schlüssel Gelöscht : HKCU\Software\Crossbrowse [-] Schlüssel Gelöscht : HKCU\Software\YorkNewCin [-] Schlüssel Gelöscht : HKCU\Software\HighDefAction [-] Schlüssel Gelöscht : HKCU\Software\ArenaHD [-] Schlüssel Gelöscht : HKCU\Software\DAILYPCCLEAN [-] Schlüssel Gelöscht : HKCU\Software\CinePlus-1.44V29.09 [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon [-] Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate [-] Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions [-] Schlüssel Gelöscht : HKLM\SOFTWARE\PIP [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip 
Opener Packages [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinePlus-1.44V29.09 [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\APN PIP [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\GlobalUpdate [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\InstalledBrowserExtensions [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Pokki [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Tutorials [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\CrossBrowser [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Crossbrowse [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\YorkNewCin [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\HighDefAction [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\ArenaHD [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DAILYPCCLEAN [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\CinePlus-1.44V29.09 [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer [!] Schlüssel Nicht Gelöscht : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ [!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\AppDataLow\Software\Crossrider [!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\AppDataLow\Software\lyrixeeker [!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\AppDataLow\Software\SmartWeb [!] 
Schlüssel Nicht Gelöscht : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ ***** [ Internetbrowser ] ***** [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...] [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=55ae97b08b424b198a0d350b62d91f50&tu=10GX000841B0008&sku=&tstsId=&ver=&"); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.zonealarm.hpOld0", "hxxp://www.delta-search.com/?affID=119649&tt=190313_wo1&babsrc=HP_ss&mntrId=54CD50B7C3614C10"); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=55ae97b08b424b198a0d350b62d91f50&tu=10GXz00Co1C01u0&sku=&tstsId=&ver=&&q="); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=de&gu=55ae97b08b424b198a0d350b62d91f50&tu=10GX000841B0008&sku=&tstsId=&ver=&"); [-] 
[C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=55ae97b08b424b198a0d350b62d91f50&tu=10GXz00Co1C01u0&sku=&tstsId=&ver=&&q="); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("extentions.y2layers.installId", "4fa678e3-4777-4f89-b294-4a422a33b235"); [-] [C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=55ae97b08b424b198a0d350b62d91f50&tu=10GXz00Co1C01u0&sku=&tstsId=&ver=&&q="); [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : www1.delta-search.com [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : delta-search.com [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gelöscht : hxxp://www.mystartsearch.com/?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : hxxp://www.mystartsearch.com/webfavicon.ico [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : bopakagnckmlgajfccecajhnimjiiedh [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : jbolfgndggfhhpbnkgnpjkfhinclbigj [-] 
[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : papbadoldddalgcjcicnikcfenodpghp [-] [C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gelöscht : hxxp://www.mystartsearch.com/?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX [-] [C:\Users\Weltklasse\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : de.ask.com ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [28366 Bytes] ########## Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 29.09.2015
Suchlaufzeit: 22:45
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.09.29.06
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Fabian
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 487491
Abgelaufene Zeit: 31 Min., 38 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 5
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}, In Quarantäne, [c8e250e58b0038fe46b3936158aa7888],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}, In Quarantäne, [c8e250e58b0038fe46b3936158aa7888],
PUP.Optional.CinePlus, HKLM\SOFTWARE\WOW6432NODE\CinePlus-1.44V29.09-nv-ie, In Quarantäne, [1595fb3ab3d8c76f49a240556a9aa957],
PUP.Optional.CinePlus, HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\CinePlus-1.44V29.09-nv, In Quarantäne, [41695fd6a2e9f64043a7d3c2db29f60a],
PUP.Optional.CinePlus, HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\CinePlus-1.44V29.09-nv-ie, In Quarantäne, [f2b8d164018aa0963baf1283c73d9c64],
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 15
PUP.Optional.CrossRider, C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe, In Quarantäne, [a604a78e890253e31599094d748c22de],
PUP.Optional.CrossRider, C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe, In Quarantäne, [7b2f44f1008b60d62e31b70525dc857b],
PUP.Optional.CrossRider, C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801\0de7bdcd-3e95-4d20-9145-99885918aa6f.dll, In Quarantäne, [73372a0b9fec171f12780cac4db4b749],
PUP.Optional.Nova, C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801\9bb21ec4-ae94-4405-b395-5d41a0f6b0fb.dll, In Quarantäne, [5c4e70c5bbd08babc11e754ae51c20e0],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\380.exe, In Quarantäne, [545638fd0d7e63d3936bb5076c95847c],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\420.exe, In Quarantäne, [9515cc69c2c92a0ca15d6c500cf51be5],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\455.exe, In Quarantäne, [d7d30d288dfe3006e5196a52e21ff30d],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\465.exe, In Quarantäne, [ebbf7bbaa0ebe452f905af0de61b9b65],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\473.exe, In Quarantäne, [466472c38dfed561ce3053696d941ee2],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\600.exe, In Quarantäne, [525842f3bad1ef47bb43972519e89070],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\package_BubbleSound_installer_multilang.exe, In Quarantäne, [3a7039fca4e79a9c44baa715ae531ee2],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\package_oursurfing_installer_multilang.exe, In Quarantäne, [4c5e74c1e2a969cd4fafba024db4de22],
PUP.Optional.EoRezo, C:\Users\Fabian\AppData\Local\Temp\is-2GQ7R.tmp\package_SByoutube_installer_multilang.exe, In Quarantäne, [92181f166625fc3ace304775649dca36],
PUP.Optional.Tuto4PC, C:\Users\Fabian\AppData\Local\Temp\is-QAFKK.tmp\gentlemjmp_ieu.exe, In Quarantäne, [efbbcf66dcaf37ffc9135b57f4113ac6],
PUP.Optional.AnyProtect, C:\Users\Fabian\AppData\Local\nsg7914.tmp, In Quarantäne, [1199c66fdfacea4c3e4cd9b953af6799],
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)
(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Fabian on 29.09.2015 at 23:28:42,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension

~~~ Files
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

~~~ Folders
Successfully deleted: [Folder] C:\Users\Fabian\Appdata\Local\tempdir

~~~ FireFox
Successfully deleted the following from C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\6dxoysjt.default\prefs.js
user_pref(browser.search.searchengine.alias, mystartsearch);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/favicon.ico);
user_pref(browser.search.searchengine.name, mystartsearch);
user_pref(browser.search.searchengine.ptid, cmi);
user_pref(browser.search.searchengine.uid, HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX);
user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type=ds&ts=1443544239&z=0a446fd311a8435d266f9cfgdzez8cfw0z0z5ecz0m&from=cmi&uid=HitachiXHTS5475
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, de);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 54cd2b7800000000000050b7c3614c10);
user_pref(extensions.delta.instlDay, 15913);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.22.0);
user_pref(extensions.delta.vrsnTs, 1.8.22.010:13:57);
user_pref(extensions.delta.vrsni, 1.8.22.0);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=121564&tsp=4956);
user_pref(extensions.delta_i.srcExt, ss);
Emptied folder: C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\6dxoysjt.default\minidumps [12 files]

~~~ Chrome
[C:\Users\Fabian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Fabian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: papbadoldddalgcjcicnikcfenodpghp
[C:\Users\Fabian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Fabian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2015 at 23:30:59,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
durchgeführt von Fabian (Administrator) auf FABUS (29-09-2015 23:34:24)
Gestartet von C:\Users\Fabian\Downloads
Geladene Profile: Fabian (Verfügbare Profile: Fabian & Weltklasse & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2013-01-01] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710720 2015-09-25] (Dropbox, Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-31] (Google Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Facebook Update] => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-26] (Facebook Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {22932296-5eba-11e4-bf1b-50b7c3614c0f} - "E:\AutoRun.exe"
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {5819ac44-78c4-11e4-bf1c-001e101f8d7f} - "E:\AutoRun.exe"
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {ddca8fa6-5d0d-11e4-bf1a-50b7c3614c0f} - "E:\AutoRun.exe"
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\MountPoints2: {ddca8fe2-5d0d-11e4-bf1a-50b7c3614c0f} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-05]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Weltklasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-09]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{83FF6AEB-B3D1-430F-B3D2-D431FDBC3517}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-03-30] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-29] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-03-30] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-29] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-03-30] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-03-30] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Kein Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Keine Datei Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-03-30] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default FF SearchEngineOrder.1: Search By ZoneAlarm FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-05-23] (Citrix Systems, Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-03-30] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-30] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-07-13] (Intel) FF SearchPlugin: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\searchplugins\youtube-videosuche.xml [2015-05-09] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => Keine Datei CHR Plugin: (Norton Confidential) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-31]
CHR Extension: (Google-Suche) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-31]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-29] (Dropbox, Inc.)
S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-12-10] (TuneUp Software)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2013-01-01] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S1 MpKslce08bbb0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D842C845-EC9E-4F68-9647-40816D3CEB29}\MpKslce08bbb0.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-29 23:30 - 2015-09-29 23:30 - 00003977 _____ C:\Users\Fabian\Desktop\JRT.txt 2015-09-29 23:28 - 2015-09-29 20:15 - 01801288 _____ (Malwarebytes) C:\Users\Fabian\Desktop\JRT.exe 2015-09-29 23:27 - 2015-09-29 23:28 - 01798976 _____ (Malwarebytes) C:\Users\Fabian\Downloads\JRT.exe 2015-09-29 23:24 - 2015-09-29 23:24 - 00004046 _____ C:\Users\Fabian\Desktop\mbam.txt 2015-09-29 22:33 - 2015-09-29 22:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-29 22:26 - 2015-09-29 22:27 - 00000000 ____D C:\AdwCleaner 2015-09-29 22:23 - 2015-09-29 22:23 - 01670656 _____ C:\Users\Fabian\Downloads\AdwCleaner_5.009.exe 2015-09-29 20:08 - 2015-09-29 20:09 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Downloads\tdsskiller.exe 2015-09-29 20:07 - 2015-09-29 20:06 - 00057731 _____ C:\Users\Fabian\Desktop\FRST.txt 2015-09-29 20:07 - 2015-09-29 20:06 - 00042749 _____ C:\Users\Fabian\Desktop\Addition.txt 2015-09-29 20:06 - 2015-09-29 20:06 - 00042749 _____ C:\Users\Fabian\Downloads\Addition.txt 2015-09-29 20:04 - 2015-09-29 23:34 - 00025512 _____ C:\Users\Fabian\Downloads\FRST.txt 2015-09-29 20:04 - 2015-09-29 23:34 - 00000000 ____D C:\FRST 2015-09-29 20:03 - 2015-09-29 20:03 - 02192384 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe 2015-09-29 20:03 - 2015-09-29 20:03 - 01696256 _____ (Farbar) C:\Users\Fabian\Downloads\FRST.exe 2015-09-29 20:01 - 2015-09-29 19:12 - 00000108 _____ C:\Users\Fabian\Desktop\Wichtig.txt 2015-09-29 18:34 - 2015-09-29 23:19 - 00001026 _____ C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job 2015-09-29 18:34 - 2015-09-29 23:19 - 00001014 _____ C:\WINDOWS\Tasks\5naU0BRS17ZiL.job 2015-09-29 18:34 - 2015-09-29 18:34 - 00004028 _____ C:\WINDOWS\System32\Tasks\MZhXnKSOZpeGB0VKC0d 2015-09-29 18:34 - 2015-09-29 18:34 - 00004016 _____ 
C:\WINDOWS\System32\Tasks\5naU0BRS17ZiL 2015-09-29 18:33 - 2015-09-29 23:17 - 00000000 ____D C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801 2015-09-29 18:33 - 2015-09-29 19:33 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-09-29 17:47 - 2015-09-29 17:47 - 00000588 _____ C:\task.vbs 2015-09-29 17:35 - 2015-09-29 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-09-29 17:35 - 2015-09-29 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-09-29 17:29 - 2015-09-29 17:29 - 03687352 _____ (Sony Corporation) C:\Users\Fabian\Downloads\picture-motion-browser-5.8.02.exe 2015-09-29 17:27 - 2015-09-06 12:54 - 00000856 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-09-29 17:21 - 2015-09-29 19:56 - 00001271 _____ C:\Users\Fabian\Desktop\Continue installation .lnk 2015-09-29 17:19 - 2015-09-29 17:20 - 01567200 _____ C:\Users\Fabian\Downloads\Sony+dcr+dvd106+driver+wi_10924_i65360158_il345.exe 2015-09-29 13:07 - 2015-09-29 23:20 - 00000000 ___RD C:\Users\Fabian\Dropbox 2015-09-29 13:07 - 2015-09-29 19:56 - 00001234 _____ C:\Users\Fabian\Desktop\Dropbox.lnk 2015-09-29 13:05 - 2015-09-29 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-29 13:03 - 2015-09-29 13:03 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Dropbox 2015-09-29 12:55 - 2015-09-29 23:20 - 00000000 ____D C:\Users\Fabian\AppData\Local\Dropbox 2015-09-29 12:55 - 2015-09-29 23:19 - 00001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2015-09-29 12:55 - 2015-09-29 23:00 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2015-09-29 12:55 - 2015-09-29 13:05 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-09-29 12:55 - 2015-09-29 12:55 - 00660960 _____ (Dropbox, Inc.) 
C:\Users\Fabian\Downloads\DropboxInstaller.exe 2015-09-29 12:55 - 2015-09-29 12:55 - 00004198 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2015-09-29 12:55 - 2015-09-29 12:55 - 00003962 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2015-09-29 12:55 - 2015-09-29 12:55 - 00000000 ____D C:\ProgramData\Dropbox 2015-09-19 18:36 - 2015-09-19 18:40 - 00000000 ____D C:\Users\Fabian\Desktop\Tennis neu 2015-09-16 17:05 - 2015-09-16 17:05 - 02517044 _____ C:\Users\Fabian\Downloads\Foto(1).zip 2015-09-15 13:23 - 2015-09-15 13:23 - 00826072 _____ C:\WINDOWS\Minidump\091515-44859-01.dmp 2015-09-15 12:13 - 2015-09-15 12:13 - 00798800 _____ C:\WINDOWS\Minidump\091515-53031-01.dmp 2015-09-09 13:19 - 2015-09-09 13:19 - 01028457 _____ C:\Users\Fabian\Downloads\Hh.zip 2015-09-08 23:33 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-09-08 23:33 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-09-08 23:33 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-09-08 23:33 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-09-08 23:33 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-09-08 23:33 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-09-08 23:33 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-09-08 23:33 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-09-08 23:32 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-09-08 23:32 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-09-08 23:32 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-09-08 23:32 - 
2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-09-08 23:32 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-09-08 23:32 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-08 23:32 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-09-08 23:32 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-09-08 23:32 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-09-08 23:32 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-09-08 23:32 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-09-08 23:32 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-09-08 23:32 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-08 23:32 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-08 23:32 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-08 23:32 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-08 23:32 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-08 23:32 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-09-08 23:32 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-08 23:32 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-08 23:32 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-09-08 23:32 - 2015-08-22 18:45 - 00665600 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-08 23:32 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-09-08 23:32 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-08 23:32 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-09-08 23:32 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-09-08 23:32 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-09-08 23:32 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-09-08 23:32 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-09-08 23:32 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-09-08 23:32 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-09-08 23:32 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-08 23:32 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-09-08 23:32 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-09-08 23:32 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-09-08 23:32 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-09-08 23:32 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-09-08 23:32 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-09-08 23:32 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-09-08 23:32 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\urlmon.dll 2015-09-08 23:32 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-09-08 23:32 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2015-09-08 23:32 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll 2015-09-08 23:32 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2015-09-08 23:28 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-09-08 23:28 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-09-08 23:27 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-08 23:27 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-08 23:27 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-08 23:27 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-08 23:27 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-08 23:27 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-08 23:27 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-08 23:27 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-08 23:27 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-09-08 23:26 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-09-08 23:26 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-08 23:26 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) 
C:\WINDOWS\system32\atmlib.dll 2015-09-08 23:26 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-08 23:26 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-08 23:26 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2015-09-08 23:26 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2015-09-08 23:26 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2015-09-08 23:26 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2015-09-08 23:26 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe 2015-09-08 23:26 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-08 23:26 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe 2015-09-08 23:26 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe 2015-09-08 23:26 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-09-08 23:26 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-09-08 23:20 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe 2015-09-08 23:20 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2015-09-08 12:50 - 2015-09-08 12:50 - 02860258 _____ C:\Users\Fabian\Downloads\Foto.zip 2015-09-06 13:18 - 2015-09-13 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-06 12:54 - 2015-09-06 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-09-06 12:54 - 2015-09-06 12:54 - 00000000 ____D C:\Program Files\McAfee Security Scan ==================== Ein Monat: Geänderte Dateien und 
Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-29 23:25 - 2014-03-18 12:03 - 00338484 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-29 23:25 - 2014-03-18 11:25 - 03481630 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-29 23:25 - 2014-03-18 11:25 - 00972592 _____ C:\WINDOWS\system32\perfc007.dat 2015-09-29 23:24 - 2013-01-02 00:13 - 00000000 ____D C:\ProgramData\WinClon 2015-09-29 23:23 - 2014-09-19 11:05 - 01852830 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-29 23:19 - 2014-09-19 11:16 - 00000000 __RDO C:\Users\Fabian\OneDrive 2015-09-29 23:19 - 2014-05-27 20:51 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-29 23:19 - 2012-12-31 14:38 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-29 23:18 - 2014-03-18 03:50 - 00422806 _____ C:\WINDOWS\PFRO.log 2015-09-29 23:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-09-29 23:18 - 2013-08-22 16:46 - 00392425 _____ C:\WINDOWS\setupact.log 2015-09-29 23:18 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-29 23:18 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI 2015-09-29 23:04 - 2012-12-31 14:38 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-29 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-29 22:40 - 2014-05-27 20:51 - 00001094 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-29 22:40 - 2014-05-27 20:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-29 22:28 - 2013-04-07 22:48 - 00000000 ____D C:\Users\Weltklasse\AppData\Roaming\CheckPoint 2015-09-29 22:28 - 2013-03-15 14:51 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\CheckPoint 2015-09-29 22:15 - 2014-09-19 16:14 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F8CFDF7-E308-453A-87C7-259271A41379} 2015-09-29 21:09 - 2014-09-19 10:45 - 00000000 ____D 
C:\Users\Fabian 2015-09-29 20:26 - 2012-12-31 14:29 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001 2015-09-29 19:57 - 2014-09-19 10:53 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-09-29 19:57 - 2014-03-28 19:46 - 00001386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-09-29 19:57 - 2014-03-28 19:46 - 00001313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-09-29 19:57 - 2014-02-04 14:38 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-09-29 19:57 - 2013-07-18 21:06 - 00002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-09-29 19:57 - 2013-05-07 16:17 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk 2015-09-29 19:57 - 2013-01-09 23:07 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allshare Play.lnk 2015-09-29 19:57 - 2013-01-08 14:29 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk 2015-09-29 19:57 - 2013-01-04 17:01 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-09-29 19:56 - 2015-01-18 16:03 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-09-29 19:56 - 2014-09-19 11:09 - 00001454 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-09-29 19:56 - 2014-09-19 10:45 - 00000469 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-29 19:56 - 2014-09-19 10:45 - 00000467 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-29 19:56 - 2014-06-14 21:33 - 00001946 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-09-29 19:56 - 2014-02-18 01:06 - 00001589 _____ 
C:\Users\Public\Desktop\Free Audio CD to MP3 Converter.lnk 2015-09-29 19:56 - 2013-08-19 16:06 - 00001906 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk 2015-09-29 19:56 - 2013-07-27 10:13 - 00001358 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk 2015-09-29 19:56 - 2013-05-07 15:31 - 00001049 _____ C:\Users\Fabian\Desktop\PhotoScape.lnk 2015-09-29 19:56 - 2013-04-14 16:19 - 00001206 _____ C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk 2015-09-29 19:56 - 2013-03-15 17:26 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Driver Updater.lnk 2015-09-29 19:56 - 2013-01-03 13:44 - 00002224 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk 2015-09-29 19:56 - 2012-12-31 14:22 - 00000896 _____ C:\Users\Fabian\Desktop\Downloads.lnk 2015-09-29 18:40 - 2012-12-31 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-09-29 18:21 - 2013-09-26 21:16 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001UA.job 2015-09-29 17:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-28 21:21 - 2013-09-26 21:16 - 00000922 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001Core.job 2015-09-22 13:32 - 2014-03-28 20:16 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\vlc 2015-09-22 11:11 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-20 21:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-09-20 12:35 - 2014-06-15 20:57 - 00000000 ____D C:\Users\Fabian\AppData\Local\Microsoft Help 2015-09-15 15:15 - 2012-12-31 14:22 - 00000000 ____D C:\Users\Fabian\AppData\Local\Packages 2015-09-15 13:59 - 2012-12-31 14:38 - 00004102 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-15 13:59 - 2012-12-31 14:38 - 00003866 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-15 13:23 - 2015-04-29 14:20 - 616777006 _____ C:\WINDOWS\MEMORY.DMP 
2015-09-15 13:23 - 2015-04-29 14:20 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-15 03:18 - 2015-07-28 14:10 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2015-07-28 14:10 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 11:31 - 2013-08-22 16:44 - 00508344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 11:30 - 2013-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-13 11:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 14:24 - 2013-01-11 16:19 - 00000000 ____D C:\Users\Fabian\Desktop\FH
2015-09-09 04:14 - 2014-03-18 11:40 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 04:06 - 2013-07-13 12:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 12:56 - 2015-07-16 16:25 - 00002996 _____ C:\WINDOWS\System32\Tasks\SUPatchForW10Up
2015-09-06 12:56 - 2012-12-31 14:52 - 00000000 ____D C:\ProgramData\Samsung

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d
2013-08-19 01:40 - 2013-08-19 01:40 - 0000055 _____ () C:\Users\Fabian\AppData\Roaming\WB.CFG
2013-08-19 01:40 - 2013-08-19 01:40 - 0000005 _____ () C:\Users\Fabian\AppData\Roaming\WBPU-TTL.DAT
2013-03-02 13:02 - 2013-02-21 17:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-03-02 13:02 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2013-03-15 17:26 - 2013-03-15 17:26 - 0004974 _____ () C:\ProgramData\mtbjfghn.xbe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\MakeMarkerFile.exe

Einige Dateien in TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpirgqs0.dll
C:\Users\Fabian\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Fabian\AppData\Local\Temp\Sony dcr dvd106 driver wi__10924_i1683836682_il768469.exe
C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll
C:\Users\Fabian\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-29 18:16

==================== Ende von FRST.txt ============================ |
29.09.2015, 22:38 | #7 |
| Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01 durchgeführt von Fabian (2015-09-29 23:35:03) Gestartet von C:\Users\Fabian\Downloads Windows 8.1 (X64) (2014-09-19 09:08:18) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2678595623-4148133582-4009595467-500 - Administrator - Disabled) => C:\Users\Administrator Fabian (S-1-5-21-2678595623-4148133582-4009595467-1001 - Administrator - Enabled) => C:\Users\Fabian Gast (S-1-5-21-2678595623-4148133582-4009595467-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2678595623-4148133582-4009595467-1005 - Limited - Enabled) Weltklasse (S-1-5-21-2678595623-4148133582-4009595467-1003 - Administrator - Enabled) => C:\Users\Weltklasse ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung) AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.) 
AMD Catalyst Install Manager (HKLM\...\{D1FE6D8B-E5EE-5205-3E53-CDA000257D99}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Carambis Driver Updater (HKLM-x32\...\Driver Updater) (Version: 2.0.0.6003 - MEDIA FOG LTD) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.6 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden DV Studio3 (HKLM-x32\...\{5DF68560-292A-11D5-99D1-00010256D40E}) (Version: - ) Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.2 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - ) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft 
Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.2 - Samsung Electronics CO., LTD.) S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden SD Viewer (HKLM-x32\...\{09CF19F8-4552-11D5-99D1-00010256D40E}) (Version: - ) Self-Service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) 
SpeedAnalysis.com (HKLM-x32\...\SpeedAnalysis.com) (Version: 1.0.0.1 - SpeedAnalysis.com) <==== ACHTUNG Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.0.0 - Synaptics Incorporated) TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.179 - TuneUp Software) TuneUp Utilities 2013 (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.) ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.118.000 - Check Point) ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.28.13 - Check Point Software Technologies LTD) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= 09-09-2015 03:59:46 Windows Update 20-09-2015 21:34:06 Geplanter Prüfpunkt 29-09-2015 09:33:13 Geplanter Prüfpunkt ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2015-09-06 12:54 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {04B6B6E1-A935-4981-869F-0B965A4C467B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {0554DCE7-9957-421D-B877-FC50D04AEF53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) 
Task: {0675AED6-6D32-4617-A286-712207A91E8B} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {26D9AD83-5FD7-4EF7-BEED-867743CEA15D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001Core => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-26] (Facebook Inc.) Task: {382FC68B-082A-4354-BCD9-E72DCB941719} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {3AF07318-F42E-400E-B0C2-073B34BAB0BE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-30] (Microsoft Corporation) Task: {4E579C2F-5DEC-4BD2-901A-5B354F360654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) Task: {56C66FE2-F5CB-49C4-A7F1-7481FE48FC4D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {5E9A02CE-1C23-429F-8696-9DB79B87198C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {6D635B4B-D8F2-4218-AAFC-178FF18E5C99} - System32\Tasks\SUPatchForW10Up => %programdata%\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe Task: {7765C541-1D1A-452D-A647-54DE5308D80B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) Task: {972B1E71-9351-439F-A484-C2D370408FB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-30] (Microsoft Corporation) Task: {98031C1D-C9D1-4B59-A7A4-049CE31DC7BD} - 
System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001UA => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-26] (Facebook Inc.) Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.) Task: {9F108CA9-D542-46ED-B3FE-774E6A110EDF} - System32\Tasks\MZhXnKSOZpeGB0VKC0d => C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe <==== ACHTUNG Task: {A5CD3962-2EE4-471D-83F7-A9F92FBDD405} - System32\Tasks\5naU0BRS17ZiL => C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe <==== ACHTUNG Task: {ADB850B7-CEF6-4B75-9869-796725C67467} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-30] (Microsoft Corporation) Task: {BA8FC497-0083-4A59-BB62-427673047967} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-29] (Dropbox, Inc.) Task: {BFB41CCF-9E0B-4A28-9741-CD62AF36DBD7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-29] (Dropbox, Inc.) Task: {C8B32519-3B74-4EC6-913D-7B7350B87631} - System32\Tasks\{CC4E6D00-A58A-4177-A897-466DF1DB4AB2} => pcalua.exe -a "C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages\uninstaller.exe" -c /Uninstall /NM="Open It! - Zip Extractor Packages" /AN="" /MBN="Open It! - Zip Extractor Packages" Task: {F886FD86-0C6C-4CA3-B71C-4F8A7E9B6E17} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-12-16] (SEC) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\5naU0BRS17ZiL.job => C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe <==== ACHTUNG Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001Core.job => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2678595623-4148133582-4009595467-1001UA.job => C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job => C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe <==== ACHTUNG Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-09-05 17:50 - 2012-09-05 17:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2014-03-30 22:35 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-30 22:35 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2012-09-05 17:50 - 2012-09-05 17:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-09-05 17:50 - 2012-09-05 17:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-09-05 17:50 - 2012-09-05 17:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-09-05 17:50 - 2012-09-05 17:50 - 
00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-09-05 17:50 - 2012-09-05 17:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-10-24 11:53 - 2014-10-24 11:53 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Fabian\OneDrive:ms-properties ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "ISW" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "QuickTime Task" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{CCEC2687-B896-4148-AB21-C44B43B3DFEC}] => (Allow) C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{53CBF2FC-5CD0-4322-BCC2-928D7E3E6E14}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{DCF7A183-488F-4DD4-8042-68E110CBC77A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{ABB16930-BD84-49D6-97A7-E35376951EF8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{7DA4BE13-A71B-4375-ADB0-C9E3A4ECAC08}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{C5FE278E-D9A9-4A66-87BD-F1411EACF024}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{F0538CD0-A869-4CCD-9EE3-05CEADCAEF4E}] => (Allow) LPort=1900 FirewallRules: [{570194D2-4649-4F96-B6A0-27C403EE568E}] => (Allow) LPort=2869 FirewallRules: [{3209939F-6182-41C3-B2B0-30D075FA997E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{81F44DA5-CF3F-47E9-8133-51B5FBA0EB2B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{203F441B-153E-4B26-89A0-0CE580DB9C5A}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE FirewallRules: [{C88907CC-D78B-4ACF-B86C-5EE1520E3286}] => (Allow) C:\Program Files (x86)\Samsung\Easy 
File Share\EasyFileShare.EXE FirewallRules: [{587B288B-72CE-4813-8F3E-EAF0F91C34F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{1483A208-B4DC-48FA-B467-B7FA478A9F16}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [TCP Query User{80ABDF25-E148-4913-88F8-244BB75D0E69}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{82B12C4B-4534-4582-96A1-366904403825}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{2CDE42C8-4A7D-4117-9AF7-4D67785E8075}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{9795B058-5CAA-41D0-BC34-C6BDDDFA623A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{8BAC6E8E-617E-4951-94F7-EBB57EE3F051}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D520EE0F-474E-4E14-92B8-D32FC71B538A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{80E2CB57-B033-4420-8553-11F29586898C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CB9AF74A-4808-4C75-902E-060E5D58068A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{FA214E37-652E-4435-9C4F-5564E0C03625}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E2D3FB84-D182-4A5B-AE7B-D68D97BF1BA3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{9F68CE6A-908E-4600-AD82-11B1B6C9C5FF}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe ==================== 
Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/29/2015 11:25:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/29/2015 11:20:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wfcrun32.exe, Version: 13.1.201.3, Zeitstempel: 0x4fbcdeaa Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00018ad9 ID des fehlerhaften Prozesses: 0x50c Startzeit der fehlerhaften Anwendung: 0xwfcrun32.exe0 Pfad der fehlerhaften Anwendung: wfcrun32.exe1 Pfad des fehlerhaften Moduls: wfcrun32.exe2 Berichtskennung: wfcrun32.exe3 Vollständiger Name des fehlerhaften Pakets: wfcrun32.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wfcrun32.exe5 Error: (09/29/2015 11:18:54 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (09/29/2015 10:35:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/29/2015 10:29:45 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (09/29/2015 09:35:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/29/2015 09:07:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x741bca20 ID des fehlerhaften Prozesses: 0x1308 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2 Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5 Error: (09/29/2015 09:07:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset: 
0x02655ce0 ID des fehlerhaften Prozesses: 0x1308 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2 Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5 Error: (09/29/2015 09:06:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x741bca20 ID des fehlerhaften Prozesses: 0x1098 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2 Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5 Error: (09/29/2015 09:06:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe, Version: 19.0.0.185, Zeitstempel: 0x55f117ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset: 0x02845ce0 ID des fehlerhaften Prozesses: 0x1098 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_19_0_0_185.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_19_0_0_185.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_19_0_0_185.exe2 Berichtskennung: FlashPlayerPlugin_19_0_0_185.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_19_0_0_185.exe4 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_19_0_0_185.exe5 Systemfehler: ============= Error: (09/29/2015 11:29:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 11:29:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 11:29:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 11:29:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 11:29:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Easy Launcher" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 11:29:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 11:29:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 11:29:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (09/29/2015 11:29:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) HD Graphics Control Panel Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 11:29:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-09-29 23:18:49.080 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-29 22:29:39.034 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-29 17:57:50.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-29 17:38:10.550 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 20:09:27.785 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-23 10:26:07.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-15 13:23:00.096 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-15 12:13:40.580 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-13 11:30:56.488 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-06 12:48:46.473 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 20% Installierter physikalischer RAM: 8083.44 MB Verfügbarer physikalischer RAM: 6398.25 MB Summe virtueller Speicher: 16787.45 MB Verfügbarer virtueller Speicher: 15283.44 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:673.3 GB) (Free:568.12 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 4F494D44) Partition: GPT. ==================== Ende von Addition.txt ============================ |
30.09.2015, 06:09 | #8 |
/// TB-Ausbilder | Windows 7/8: Caught Continue Live Installation (and more?) Hi, please also run the following so that we can continue later: Download ZHPCleaner to your desktop. To do so, click TELECHARGER.
|
30.09.2015, 09:14 | #9 |
| Problems downloading ZHPCleaner Hi, I got it to work. This is now the latest report. I don't know whether it somehow ran twice, because I think it had already shown more items during the scan. I did not click Repair, just Report and exit. Code:
ATTFilter ~ ZHPCleaner v2015.9.30.359 by Nicolas Coolman (2015/09/30) ~ Run by Fabian (Administrator) (30/09/2015 10:12:32) ~ Site : hxxp://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Type : Scanner ~ Report : C:\Users\Fabian\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Fabian\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 8.1, 64-bit (Build 9600) ---\\ Dienst. (0) ~ Alle bösartigen oder unnötige Element gefunden. ---\\ Browser. (14) GEFUNDEN: [6dxoysjt.default] - user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.moneti[...] =>PUP.Optional.Monetization GEFUNDEN: [6dxoysjt.default] - user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.name", "CinePlus-[...] =>PUP.Optional.CrossRider GEFUNDEN: [6dxoysjt.default] - user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.publisher", "Cine[...] 
=>PUP.Optional.CrossRider GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder.buttonremoved", "1"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder.enable_sf", true); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder.installtime", "1396031044.19"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder.show_button", true); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.isFirstRun", "false"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.is_bundle", "true"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.last_version", ""); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.piwikSuccessTime", "1396031048.981"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.server", "https://api30.webovernet.com"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.src", "7902"); =>PUP.Optional.ShoppingReport GEFUNDEN: [6dxoysjt.default] - user_pref("sitefinder@sitefinder.com.user_id", "63781B41-2E1E-4DB8-A19C-A1A052B1AC3D"); =>PUP.Optional.ShoppingReport ---\\ Datei Host. (2) GEFUNDEN: 0.0.0.1 mssplus.mcafee.com ~ Anzahl der Weiterleitungen gefunden1/25 ---\\ Geplante Tasks (0) ~ Alle bösartigen oder unnötige Element gefunden. ---\\ Explorer (Ordner, Dateien). (0) ~ Alle bösartigen oder unnötige Element gefunden. ---\\ Registrierung (Schlüssel, Werte, Daten). (0) ~ Alle bösartigen oder unnötige Element gefunden. ---\\Reparieren Check ~ keine Reparaturen. 
~ dieser Browser fehlt (Opera Software) ---\\Statistiken ~ Elemente gescannt : 861 ~ Einträge gefunden : 21 ~ Elemente abgesagt : 0 ~ Elemente repariert : 0 ~ End of search in 0 minutes =================== ZHPCleaner-[S]-30092015-09_56_40.txt ZHPCleaner-[S]-30092015-10_12_41.txt |
30.09.2015, 13:15 | #10 |
/// TB-Ausbilder | Windows 7/8: Caught Continue Live Installation (and more?) Hi, we still need to dig around a little. After that, the 2nd cleanup wave starts... Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
|
30.09.2015, 22:35 | #11 |
| Systemlook Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 23:30 on 30/09/2015 by Fabian Administrator - Elevation successful ========== regfind ========== Searching for "CinePlus-" No data found. Searching for "globalUpdate" No data found. Searching for "WdsManPro" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\WdsManPro] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro] Searching for "ZoneAlarm LTD Toolbar" [HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\ISW] "Brand"="ZoneAlarm LTD Toolbar" Searching for "PerformerSoft" No data found. Searching for "pc speed up" No data found. Searching for "VideoPerformer" No data found. Searching for "RayDld" No data found. Searching for "DSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}] @="IE Shell Rebar BandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}] @="Shell Rebar BandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4CF504B0-DE96-11D0-8B3F-00A0C911E8E5}] @="IBandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}] @="IE Shell Rebar BandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}] @="Shell Rebar BandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4CF504B0-DE96-11D0-8B3F-00A0C911E8E5}] @="IBandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Assistance\Client\1.0\Namespaces\Windows\AllowedSites] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation] "UnattendSites"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\AllowedSites] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\AllowedSites] "AllowedSites"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\SuggestedSitesEnabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\TrustedSites] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\TrustedSites] "TrustedSites"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend] "TrustedSites"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Assistance\Client\1.0\Namespaces\Windows\AllowedSites] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\UnattendBackup\AllowedSites] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\UnattendBackup\AllowedSites] "AllowedSites"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\UnattendBackup\SuggestedSitesEnabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\UnattendBackup\TrustedSites] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\UnattendBackup\TrustedSites] "TrustedSites"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}] @="IE Shell Rebar BandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}] @="Shell Rebar BandSite" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4CF504B0-DE96-11D0-8B3F-00A0C911E8E5}] @="IBandSite" Searching for "gpuminer" No data found. 
Searching for "delta-search" [HKEY_CURRENT_USER\Software\Check Point Software Technologies LTD\zonealarm\SearchRestore] "hpFFXOld"="hxxp://www.delta-search.com/?affID=119649&tt=190313_wo1&babsrc=HP_ss&mntrId=54CD50B7C3614C10" [HKEY_CURRENT_USER\Software\Check Point Software Technologies LTD\zonealarm\SearchRestore] "hpOld0"="hxxp://www.delta-search.com/?affID=119649&tt=190313_wo1&babsrc=HP_ss&mntrId=54CD50B7C3614C10" [HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Check Point Software Technologies LTD\zonealarm\SearchRestore] "hpFFXOld"="hxxp://www.delta-search.com/?affID=119649&tt=190313_wo1&babsrc=HP_ss&mntrId=54CD50B7C3614C10" [HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Check Point Software Technologies LTD\zonealarm\SearchRestore] "hpOld0"="hxxp://www.delta-search.com/?affID=119649&tt=190313_wo1&babsrc=HP_ss&mntrId=54CD50B7C3614C10" Searching for "Crossrider" [HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_] [HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_] Searching for "lyrixeeker" No data found. 
Searching for "SpeedAnalysis" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\SpeedAnalysis.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] "DisplayName"="SpeedAnalysis.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] "UninstallString"="C:\Program Files (x86)\SpeedAnalysis.com\uninstall.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] "Publisher"="SpeedAnalysis.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] "URLInfoAbout"="hxxp://www.speedanalysis.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] "DisplayIcon"="C:\Program Files (x86)\SpeedAnalysis.com\uninstall.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com] "InstDir"="C:\Program Files (x86)\SpeedAnalysis.com" [HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\SpeedAnalysis.com] -= EOF =- |
01.10.2015, 12:25 | #12 |
/// TB-Ausbilder | Windows 7/8: Caught Continue Live Installation (and more?) We will now remove the last remnants and then check everything once more so that your computer is really clean. Note: The scans with EEK and ESET can take a while. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Policies\system: [DisableLockWorkstation] 0
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Kein Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Keine Datei
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX
C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job
C:\WINDOWS\Tasks\5naU0BRS17ZiL.job
C:\WINDOWS\System32\Tasks\MZhXnKSOZpeGB0VKC0d
C:\WINDOWS\System32\Tasks\5naU0BRS17ZiL
C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801
C:\task.vbs
C:\Users\Fabian\Desktop\Continue installation .lnk
C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL
C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d
Task: {9F108CA9-D542-46ED-B3FE-774E6A110EDF} - System32\Tasks\MZhXnKSOZpeGB0VKC0d => C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe <==== ACHTUNG
Task: {A5CD3962-2EE4-471D-83F7-A9F92FBDD405} - System32\Tasks\5naU0BRS17ZiL => C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe <==== ACHTUNG
C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe
C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe
Task: {C8B32519-3B74-4EC6-913D-7B7350B87631} - System32\Tasks\{CC4E6D00-A58A-4177-A897-466DF1DB4AB2} => pcalua.exe -a "C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages\uninstaller.exe" -c /Uninstall /NM="Open It! - Zip Extractor Packages" /AN="" /MBN="Open It! - Zip Extractor Packages"
C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages
C:\WINDOWS\system32\Drivers\etc\hosts
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
DeleteKey: HKEY_CURRENT_USER\Software\Check Point Software Technologies LTD
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\SpeedAnalysis.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com
Hosts:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Emsisoft Emergency Kit from here.
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4 ESET Online Scanner
Please post with your next reply
|
02.10.2015, 12:24 | #13 |
| Step 1: Fixlog.txt Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01 durchgeführt von Fabian (2015-10-01 19:11:22) Run:1 Gestartet von C:\Users\Fabian\Desktop Geladene Profile: Fabian (Verfügbare Profile: Fabian & Weltklasse & Administrator) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Policies\system: [DisableLockWorkstation] 0 SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Kein Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Keine Datei FF SearchEngineOrder.1: Search By ZoneAlarm FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1443541655&z=95f1fd592bc84a8cc7f9954g0z2z4c9wcz8g3zfq4g&from=cmi&uid=HitachiXHTS547575A9E384_J2190020DZXEKDDZXEKDX C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job C:\WINDOWS\Tasks\5naU0BRS17ZiL.job C:\WINDOWS\System32\Tasks\MZhXnKSOZpeGB0VKC0d C:\WINDOWS\System32\Tasks\5naU0BRS17ZiL C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801 C:\task.vbs C:\Users\Fabian\Desktop\Continue installation .lnk C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d Task: {9F108CA9-D542-46ED-B3FE-774E6A110EDF} - System32\Tasks\MZhXnKSOZpeGB0VKC0d => C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe <==== ACHTUNG Task: {A5CD3962-2EE4-471D-83F7-A9F92FBDD405} - System32\Tasks\5naU0BRS17ZiL => C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe <==== ACHTUNG C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe 
C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe Task: {C8B32519-3B74-4EC6-913D-7B7350B87631} - System32\Tasks\{CC4E6D00-A58A-4177-A897-466DF1DB4AB2} => pcalua.exe -a "C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages\uninstaller.exe" -c /Uninstall /NM="Open It! - Zip Extractor Packages" /AN="" /MBN="Open It! - Zip Extractor Packages" C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages C:\WINDOWS\system32\Drivers\etc\hosts DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro DeleteKey: HKEY_CURRENT_USER\Software\Check Point Software Technologies LTD DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\SpeedAnalysis.com DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com Hosts: RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozess erfolgreich geschlossen. HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Wert erfolgreich entfernt HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt "HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Schlüssel nicht gefunden. 
"HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden. HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Wert erfolgreich entfernt HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Schlüssel nicht gefunden. Firefox SearchEngineOrder.1 erfolgreich entfernt Firefox "homepage" erfolgreich entfernt C:\WINDOWS\Tasks\MZhXnKSOZpeGB0VKC0d.job => erfolgreich verschoben C:\WINDOWS\Tasks\5naU0BRS17ZiL.job => erfolgreich verschoben C:\WINDOWS\System32\Tasks\MZhXnKSOZpeGB0VKC0d => erfolgreich verschoben C:\WINDOWS\System32\Tasks\5naU0BRS17ZiL => erfolgreich verschoben C:\Program Files (x86)\42db7398-4c6e-4869-8b96-ba76ddc26801 => erfolgreich verschoben C:\task.vbs => erfolgreich verschoben C:\Users\Fabian\Desktop\Continue installation .lnk => erfolgreich verschoben C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL => erfolgreich verschoben C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F108CA9-D542-46ED-B3FE-774E6A110EDF}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F108CA9-D542-46ED-B3FE-774E6A110EDF}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\MZhXnKSOZpeGB0VKC0d => nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MZhXnKSOZpeGB0VKC0d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5CD3962-2EE4-471D-83F7-A9F92FBDD405}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5CD3962-2EE4-471D-83F7-A9F92FBDD405}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\5naU0BRS17ZiL => nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5naU0BRS17ZiL" => Schlüssel erfolgreich entfernt "C:\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.exe" => Datei/Ordner nicht gefunden. "C:\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.exe" => Datei/Ordner nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8B32519-3B74-4EC6-913D-7B7350B87631}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8B32519-3B74-4EC6-913D-7B7350B87631}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{CC4E6D00-A58A-4177-A897-466DF1DB4AB2} => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC4E6D00-A58A-4177-A897-466DF1DB4AB2}" => Schlüssel erfolgreich entfernt "C:\Users\Fabian\AppData\Roaming\Open It! - Zip Extractor Packages" => Datei/Ordner nicht gefunden. C:\WINDOWS\system32\Drivers\etc\hosts => erfolgreich verschoben HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\Software\Check Point Software Technologies LTD => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile. 
HKEY_CURRENT_USER\Software\Check Point Software Technologies LTD => Schlüssel erfolgreich entfernt HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\SpeedAnalysis.com => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com => Schlüssel erfolgreich entfernt Hosts erfolgreich wiederhergestellt. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= Ende von CMD: ========= EmptyTemp: => 1.4 GB temporäre Dateien entfernt. Das System musste neu gestartet werden.. ==== Ende von Fixlog 19:12:28 ==== Code:
ATTFilter Emsisoft Emergency Kit - Version 10.0 Letztes Update: 01.10.2015 19:58:34 Benutzerkonto: FABUS\Fabian Scan-Einstellungen: Scan-Methode: Malware-Scan Objekte: Rootkits, Speicher, Traces, Dateien PUPs-Erkennung: An Archiv-Scan: Aus ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 01.10.2015 19:58:44 Value: HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Gefunden: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A) Gescannt: 85827 Gefunden 2 Scan-Ende: 01.10.2015 20:06:22 Scan-Zeit: 0:07:38 Value: HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A) Quarantäne 2 Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=deb9f24168b2fc4bb4328064047952a8
# end=init
# utc_time=2015-10-01 06:23:20
# local_time=2015-10-01 08:23:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 26036
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=deb9f24168b2fc4bb4328064047952a8
# end=updated
# utc_time=2015-10-01 06:33:48
# local_time=2015-10-01 08:33:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=deb9f24168b2fc4bb4328064047952a8
# engine=26036
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-01 07:53:44
# local_time=2015-10-01 09:53:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10994 7518794 0 0
# scanned=251773
# found=10
# cleaned=0
# scan_time=4795
sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe.vir"
sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll.vir"
sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe.vir"
sh=A5A132B5DD1E1C7B47228C9E0A013CDCC73B1CC4 ft=1 fh=c373ebba2dd6fb96 vn="Win32/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpeedAnalysis.com\AddonsFramework.dll.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=D5E67545EDB792B2E79B0874FAB835E22E0E2A7F ft=1 fh=026eec11b940e6eb vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\6dxoysjt.default\Extensions\ffxtlbr@zonealarm.com\uninstall.exe.vir"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Fabian\AppData\Roaming\5naU0BRS17ZiL.xBAD"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Fabian\AppData\Roaming\MZhXnKSOZpeGB0VKC0d.xBAD"
sh=112AB0D0936650D23E1AE8D991A3C7483956AD7D ft=1 fh=7f0f8d80773945f9 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free mp3 Wma Converter\Uninstall.exe"
sh=91383B640994B28642F80210309D5A1B633BB16A ft=1 fh=41c1ed006122fdcf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fabian\Downloads\zaSetupWeb_120_118_000.exe"
02.10.2015, 14:08 | #14 |
/// TB Trainer | Windows 7/8: Caught Continue Live Installation (and more?)

Remove leftovers

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
start
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Classes\c
DeleteKey: HKLM\SOFTWARE\Classes\Crossbrowse
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\ForeceRemove
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\SiteFinder
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
C:\Users\Fabian\Downloads\zaSetupWeb_120_118_000.exe
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!

Upload malicious files for analysis

If you have no more problems with malware, we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup: (The order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix

All logs posted? Then please download DelFix.
Afterwards, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be present only in its latest version:
Browser
Java
Flash Player
PDF reader
Vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
If you are still undecided, use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner .

Finally, a few general remarks:

Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
02.10.2015, 15:54 | #15 |
| Fixlog
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Fabian (2015-10-02 15:52:18) Run:2
Gestartet von C:\Users\Fabian\Desktop
Geladene Profile: Fabian & Weltklasse & Administrator (Verfügbare Profile: Fabian & Weltklasse & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Classes\c
DeleteKey: HKLM\SOFTWARE\Classes\Crossbrowse
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\ForeceRemove
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\SiteFinder
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
C:\Users\Fabian\Downloads\zaSetupWeb_120_118_000.exe
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKLM\SOFTWARE\Classes\c => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\c => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Crossbrowse => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Crossbrowse => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\ForeceRemove => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\SiteFinder => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} => Schlüssel nicht gefunden.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} => Schlüssel nicht gefunden.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow => Schlüssel nicht gefunden.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome => Schlüssel nicht gefunden.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse => Schlüssel nicht gefunden.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} => Schlüssel nicht gefunden.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKU\S-1-5-21-2678595623-4148133582-4009595467-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} => Schlüssel erfolgreich entfernt
C:\Users\Fabian\Downloads\zaSetupWeb_120_118_000.exe => erfolgreich verschoben
EmptyTemp: => 221.5 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden..

==== Ende von Fixlog 15:52:30 ====

My C drive and the desktop look nice and clean again. Thank you very, very much for your help! |
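Added example (not part of the thread and not FRST's own code): a small check that pairs each `DeleteKey:` directive of a fixlist with its final outcome in the Fixlog, so a first-attempt failure that is never followed by a success line stands out. It assumes one `<target> => <outcome>` entry per line and the German outcome strings as they appear in the log above; the key `HKLM\SOFTWARE\ExampleConstructed` is constructed for illustration.

```python
import re

# Entries copied from the Fixlog in this thread, one per line (assumed layout),
# plus one constructed key (ExampleConstructed) that never gets a success line.
FIXLIST = r"""DeleteKey: HKLM\SOFTWARE\Classes\Crossbrowse
DeleteKey: HKLM\SOFTWARE\Wow6432Node\SiteFinder
DeleteKey: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow
DeleteKey: HKLM\SOFTWARE\ExampleConstructed"""

FIXLOG = r"""HKLM\SOFTWARE\Classes\Crossbrowse => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Crossbrowse => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\SiteFinder => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow => Schlüssel nicht gefunden.
HKLM\SOFTWARE\ExampleConstructed => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
C:\Users\Fabian\Downloads\zaSetupWeb_120_118_000.exe => erfolgreich verschoben"""

RETRY = re.compile(r"konnte nicht entfernt werden im ersten Versuch \(ErrorCode: ([0-9A-F]+)\)")
OUTCOMES = {
    "Schlüssel erfolgreich entfernt": "removed",
    "Schlüssel nicht gefunden.": "not_found",
    "erfolgreich verschoben": "moved",
}

def parse_fixlog(text):
    """Return {target: (final_status, first_attempt_error_or_None)}."""
    results = {}
    for line in text.splitlines():
        target, sep, outcome = line.partition(" => ")
        if not sep:
            continue  # header, separator or blank line
        target, outcome = target.strip(), outcome.strip()
        retry = RETRY.search(outcome)
        if retry:
            # Stays "unresolved" unless a later line reports a final outcome.
            results[target] = ("unresolved", retry.group(1))
        elif outcome in OUTCOMES:
            first_error = results.get(target, (None, None))[1]
            results[target] = (OUTCOMES[outcome], first_error)
    return results

def audit(fixlist, fixlog):
    """List DeleteKey targets that have no final outcome in the Fixlog."""
    results = parse_fixlog(fixlog)
    problems = []
    for line in fixlist.splitlines():
        if line.startswith("DeleteKey: "):
            key = line[len("DeleteKey: "):].strip()
            status = results.get(key, ("missing", None))[0]
            if status in ("missing", "unresolved"):
                problems.append((key, status))
    return problems

if __name__ == "__main__":
    for key, status in audit(FIXLIST, FIXLOG):
        print(f"{status}: {key}")
```

Keys reported as not found count as resolved here, since the directive's goal (the key being absent) is met.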