Pests of all kinds and how to fight them: rundll32.exe causes massive traffic (Windows 7)
19.10.2015, 11:56 | #1 |
| rundll32.exe causes massive traffic
Hello everyone,
for about 2 weeks now I have had the problem that my internet seems to be rather slow, despite DSL 16k. This shows up above all when gaming, as a relatively high ping (CS:GO around 800 ms). By now I think I have found the culprit. On one of my computers, which is connected to the router by LAN cable, a rundll32.exe constantly causes about 1 - 4 Mbit/sec of traffic, even when no browser or anything else is open. However, when I end this rundll32.exe via Task Manager (yes, I know that this is normally a system process), the traffic is gone, but my computer keeps running normally. After about 10 minutes, however, this process starts again automatically and the traffic is elevated again. In the Windows Firewall I found a rule for rundll32.exe 4 times under "inbound connections". Unfortunately, blocking it in the Windows Firewall does not help. The traffic remains high.
What I have already tried:
- Scan with Malwarebytes Anti-Malware in normal mode and in safe mode
- Scan with Avast AntiVirus in normal and safe mode (including a scan for PUPs)
- AdwCleaner
In each case some files were found, which I also removed, but this rundll32.exe was never among them. Now I probably cannot simply delete this .exe, since it is system-relevant and so on. So I am now asking you for help. The computer in question runs Windows 8.1 (64-bit). To illustrate, I have made a screenshot of said rundll32.exe and its traffic.
Edited by Gangster (19.10.2015 at 12:02) |
19.10.2015, 12:00 | #2 |
/// TB-Ausbilder | rundll32.exe causes massive traffic
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes the work massively harder for your helper, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Post all log files from AdwCleaner and Malwarebytes' Anti-Malware that contain detections! For the first analysis, please run FRST and TDSS-Killer:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2
Please download TDSSKiller.exe and save this file to the desktop
With your next reply, please post
|
19.10.2015, 12:51 | #3 |
| rundll32.exe causes massive traffic
So, thanks for your quick reply.
1. The report from Malwarebytes
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 18.10.2015
Suchlaufzeit: 11:13
Protokolldatei:
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.10.18.01
Rootkit-Datenbank: v2015.10.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Josef

Suchlauftyp: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 882427
Abgelaufene Zeit: 4 Std., 24 Min., 37 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 10
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Löschen bei Neustart, [1e4b8ace573465d1d8247ee1cc37f709],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\ihpmserver, In Quarantäne, [a2c712469feca88e4f37decf1ee5a45c],
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\oursurfingSoftware, In Quarantäne, [ec7d66f2deadae8836973547b151a060],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD, In Quarantäne, [8edb0157a5e659dd7fcaabcf669c6f91],
PUP.Optional.InstallCore, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\InstallCore, In Quarantäne, [b3b61c3cd6b541f577cc403c57ac4cb4],
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7bee79df206b89ad4c360b4956adb848],
PUP.Optional.HomePageHelper, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9D27F80-2FCF-11E5-82E5-448A5B7C7E4A}, In Quarantäne, [c0a9d4842f5c38fe94035920d2311ae6],
PUP.Optional.DeskCut, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [e4852b2d018aa78fcdc985ea53b0946c],
PUP.Optional.OutBrowse, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\OB, In Quarantäne, [51181b3d5b3096a09bca8cfd7f846799],
PUP.Optional.ProductSetup, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\PRODUCTSETUP, In Quarantäne, [7eeb67f1018a2313b88d414c00037d83],

Registrierungswerte: 11
PUP.Optional.DeskCut, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskCutv2@gmail.com, C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\deskCutv2@gmail.com, In Quarantäne, [ee7b1c3c0a8158de5c3bdf90fe052dd3]
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD|dir, C:\Program Files (x86)\RayDld, In Quarantäne, [8edb0157a5e659dd7fcaabcf669c6f91]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, In Quarantäne, [7bee79df206b89ad4c360b4956adb848]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}, In Quarantäne, [a6c39eba2b602c0ac6bc66ee33d03cc4]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9D27F80-2FCF-11E5-82E5-448A5B7C7E4A}|FaviconURL, hxxp://homepage-web.com/favicon.ico, In Quarantäne, [c0a9d4842f5c38fe94035920d2311ae6]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9D27F80-2FCF-11E5-82E5-448A5B7C7E4A}|FaviconURLFallback, hxxp://homepage-web.com/favicon.ico, In Quarantäne, [0168a4b463284beb27707108e41f2dd3]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9D27F80-2FCF-11E5-82E5-448A5B7C7E4A}|TopResultURL, hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}, In Quarantäne, [d396e67259322a0c3b5c5524dc278b75]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9D27F80-2FCF-11E5-82E5-448A5B7C7E4A}|URL, hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}, In Quarantäne, [551475e34843b581455294e5dc273bc5]
PUP.Optional.DeskCut, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MOZILLA\EXTENDS|appid, deskCutv2@gmail.com, In Quarantäne, [e4852b2d018aa78fcdc985ea53b0946c]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\OB|monitype15, 10/8/15 17:7:0, In Quarantäne, [51181b3d5b3096a09bca8cfd7f846799]
PUP.Optional.ProductSetup, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\PRODUCTSETUP|tb, 0Z1B1L2Z1S, In Quarantäne, [7eeb67f1018a2313b88d414c00037d83]

Registrierungsdaten: 10
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}),Ersetzt,[7eeb9bbdafdc4de989d1034123e1fa06]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343),Ersetzt,[ff6a77e10e7dc76f4f0be95b40c45ca4]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343),Ersetzt,[115879dfe7a4989e4812301447bda35d]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}),Ersetzt,[096024345239be78e47673d1ba4aec14]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343),Ersetzt,[d099b6a2f09b76c02931ba8a897b7b85]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}),Ersetzt,[0168e77196f5ae88134762e25ca8a858]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343),Ersetzt,[f77237213a5158defd5def5560a47b85]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343&q={searchTerms}),Ersetzt,[1950d187a2e9f83e0654a69ec3419070]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343),Ersetzt,[25443e1a8dfe86b0a3b01c284cb85aa6]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343),Ersetzt,[adbccc8cd8b32d09b49ff74dcb3913ed]

Ordner: 3
PUP.Optional.PCSpeedMaximizer, C:\Users\Josef\Documents\PC Speed Maximizer, In Quarantäne, [f67398c0b4d7a096c780b9d157ac649c],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],

Dateien: 48
PUP.Optional.PCSpeedMaximizer, C:\Users\Josef\Documents\PC Speed Maximizer\CookieExclusions.txt, In Quarantäne, [f67398c0b4d7a096c780b9d157ac649c],
PUP.Optional.WebSearch, C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\searchplugins\Web Search.xml, In Quarantäne, [2b3e34241f6c4ee8d0d83b65f40fa060],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\uninstall.exe, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\Raydld.exe, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\main.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\About.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\about_banner.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\animate_history.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\animate_portal.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\animate_recent.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\big_button_down.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\bk_shadow.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\bottom_toolbar_bk.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\brower_back.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\brower_refresh.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\btn.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\btn_browser_dir.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\ck_box.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\ck_check.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\close.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\create.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\delete.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\drag_flag.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\exclamation.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\list_header_bk.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\logo_16.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\logo_small.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\Menu.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\MenuItem.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\menu_bk.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\menu_bk_seperator.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\MessageBox.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\min.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\open_position.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\pause.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\progress_bk.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\progress_fore.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\scrollbar.bmp, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\Start.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\sysmenu.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\TaskListItem.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\TaskListItemHistory.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\TaskNew.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\task_completed.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\task_failed.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\task_pause.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\toolbar_separator.png, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],
PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\WebPortal.xml, In Quarantäne, [a6c3a4b4d5b6270f88fd8e1f986b1ce4],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
# AdwCleaner v5.013 - Bericht erstellt am 18/10/2015 um 19:02:44
# Aktualisiert am 09/10/2015 von Xplode
# Datenbank : 2015-10-18.3 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Josef - LENOVOPC
# Gestartet von : C:\Users\Josef\Downloads\adwcleaner_5.013.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
[-] Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
[-] Ordner Gelöscht : C:\Users\Josef\AppData\Local\pokki
[-] Ordner Gelöscht : C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj

***** [ Dateien ] *****

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

[-] Task Gelöscht : Pokki

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Classes\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\SweetLabs App Platform
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\SweetLabs App Platform
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{14FF1847-E390-11E4-82CC-448A5B7C7E4A}
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{14FF1847-E390-11E4-82CC-448A5B7C7E4A}
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\SearchScopes\{14FF1847-E390-11E4-82CC-448A5B7C7E4A}
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Internetbrowser ] *****

[-] [C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine", "piesearch");
[-] [C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : homepage-web.com
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gelöscht : hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : hxxp://f.piesearch.com/wefavicon.ico
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Gelöscht : hxxp://f.piesearch.com/web?type=ds&ts=1444833397&pid=etc10&uid=90bd8782-7400-43f5-845f-4574a94b682c&q={searchTerms}
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : ljnfelhdldlokjkohcmjpogkdjgbgjpj
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gelöscht : hxxp://www.oursurfing.com/?type=hp&ts=1444316773&z=55dcaad769de7cf9af1c38cg0z6z1z6cbgeq4m9m4c&from=2sq&uid=wdcxwd10ezex-08m2na0_wd-wcc3f293934339343

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5019 Bytes] ##########

And on we go
3. FRST.txt
FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
durchgeführt von Josef (Administrator) auf LENOVOPC (19-10-2015 13:39:53)
Gestartet von C:\Users\Josef\Desktop
Geladene Profile: Josef (Verfügbare Profile: Josef)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
() C:\Windows\jmesoft\Service.exe
( ) C:\Windows\System32\lxeccoms.exe
(MustangService) C:\ProgramData\TempMoudleSet\MustangSer1437.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Kaiser edv-Konzept) C:\Program Files\raum level 7\rlTool.exe
(Sanford, L.P.) E:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4468984 2015-09-14] (O&O Software GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-18] (AVAST Software)
HKLM-x32\...\Run: [Hawking UDS Control Center] => C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe [5542400 2012-09-25] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [rlTool] => C:\Programme\raum level 7\rlTool
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [DymoQuickPrint] => E:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885944 2010-01-27] (Sanford, L.P.)
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-18] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2015-09-27]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{0733BC2F-BB0F-47DC-A86F-957B15EE11DD}\app_icon.ico ()
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-28]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C58D763-41C6-4041-B6D3-EBEE7B6362CD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E369D0A3-0931-4B51-B740-A0895A43BAA8}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2344473906-2606427249-3890557636-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-18] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-18] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731
FF NewTab: about:blank
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files
(x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2344473906-2606427249-3890557636-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Josef\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-16] (RocketLife, LLP) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\searchplugins\piesearch.xml [2015-10-14] FF Extension: MCGutschein.com - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\Extensions\mail@mcgutschein.com.xpi [2015-05-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-14] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartffsearch@gmail.com] - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\smartffsearch@gmail.com => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [ffsmartsearchbar@gmail.com] - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\ffsmartsearchbar@gmail.com => nicht gefunden Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-19] CHR Extension: (Google Docs) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-19] CHR Extension: (Google Drive) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-19] CHR Extension: (YouTube) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-19] CHR Extension: (Google-Suche) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-19] CHR Extension: (Google Tabellen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29] CHR 
Extension: (Google Docs Offline) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-14] CHR Extension: (Avast Online Security) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-20] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19] CHR Extension: (Google Wallet) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-19] CHR Extension: (Google Mail) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-19] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-18] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-18] (Avast Software) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) 
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [Datei ist nicht signiert] S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () S2 lxecCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.) R2 lxec_device; C:\WINDOWS\system32\lxeccoms.exe [1052328 2010-04-14] ( ) R2 lxec_device; C:\WINDOWS\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( ) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer1437.exe [236816 2015-10-09] (MustangService) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1711352 2015-09-14] (O&O Software GmbH) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] () R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-09-24] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-18] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-18] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-18] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-18] (AVAST Software) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices) R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-06-21] (AVM Berlin) U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2015-02-28] (Alcohol Soft Development Team) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 LongshineUDSMBus; C:\Windows\SysWow64\Drivers\LongshineUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider) R3 LongshineUDSTcpBus; C:\Windows\SysWow64\Drivers\LongshineUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; 
C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-18] (AVAST Software) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-02-28] (Duplex Secure Ltd.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-18] (Avast Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-19 13:39 - 2015-10-19 13:40 - 00023413 _____ C:\Users\Josef\Desktop\FRST.txt 2015-10-19 13:39 - 2015-10-19 13:39 - 02196992 _____ (Farbar) C:\Users\Josef\Desktop\FRST64.exe 2015-10-19 13:39 - 2015-10-19 13:39 - 00000000 ____D C:\FRST 2015-10-19 12:08 - 2015-10-19 12:09 - 04097654 _____ C:\Users\Josef\Desktop\rundll.bmp 2015-10-18 21:46 - 2015-10-18 21:46 - 01691648 _____ C:\Users\Josef\Downloads\adwcleaner_5.014.exe 2015-10-18 21:32 - 2015-10-18 21:32 - 842798427 _____ C:\WINDOWS\MEMORY.DMP 2015-10-18 21:32 - 2015-10-18 21:32 - 00280024 _____ C:\WINDOWS\Minidump\101815-20328-01.dmp 2015-10-18 19:13 - 2015-10-18 19:13 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-10-18 19:13 - 2015-10-18 19:13 - 00132656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys 2015-10-18 19:13 - 2015-10-18 19:13 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-10-18 19:01 - 2015-10-19 13:39 - 00000000 ____D C:\AdwCleaner 2015-10-18 18:56 - 2015-10-19 11:04 - 00001259 _____ C:\WINDOWS\setupact.log 2015-10-18 18:56 - 2015-10-18 18:56 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-10-18 16:41 - 2015-10-18 19:14 - 00003278 _____ C:\WINDOWS\PFRO.log 2015-10-18 16:30 - 2015-10-18 16:30 - 00001401 _____ C:\Users\Josef\Desktop\CCleaner64 - Verknüpfung.lnk 2015-10-18 16:29 - 2015-10-18 16:34 - 00000000 ____D C:\Program Files\CCleaner 2015-10-18 16:29 - 2015-10-18 16:29 - 00002790 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-10-18 16:29 - 2015-10-18 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-10-18 16:13 - 2015-10-18 16:13 - 00015714 _____ C:\Users\Josef\Desktop\Report.txt 2015-10-17 15:53 - 2015-09-23 12:42 - 44302336 _____ C:\Users\Josef\Desktop\RT-AC87U_3.0.0.4_378_9177-ge585a63.trx 2015-10-17 14:22 - 2015-10-17 14:22 - 00000913 _____ C:\Users\Josef\Documents\Bilder - Verknüpfung.lnk 2015-10-16 16:32 - 2015-10-16 16:32 - 06220854 _____ C:\Users\Josef\Desktop\Einstellung 
Rufnummernnutzung.bmp 2015-10-16 16:31 - 2015-10-16 16:31 - 06220854 _____ C:\Users\Josef\Desktop\Internet Telefonie.bmp 2015-10-16 16:29 - 2015-10-16 16:32 - 06220854 _____ C:\Users\Josef\Desktop\Rufnummernzuordnung.bmp 2015-10-16 16:28 - 2015-10-16 16:28 - 06220854 _____ C:\Users\Josef\Desktop\Zugangsdaten.bmp 2015-10-14 16:37 - 2015-10-14 16:37 - 00000000 ____D C:\ProgramData\TempMoudleSet 2015-10-09 14:45 - 2015-10-09 14:45 - 00000000 ____D C:\ProgramData\ATI 2015-10-09 14:43 - 2015-10-18 19:13 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-10-09 14:39 - 2015-10-09 14:39 - 00058877 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510091439006155.log 2015-10-09 14:38 - 2015-10-09 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-10-09 14:36 - 2015-10-09 14:38 - 00000000 ____D C:\Program Files\AMD 2015-10-09 14:36 - 2015-10-09 14:36 - 00000000 ____D C:\Program Files (x86)\AMD 2015-10-09 14:34 - 2015-10-09 14:34 - 00000382 _____ C:\SetupCD.txt 2015-10-08 17:07 - 2015-10-18 21:32 - 00000322 _____ C:\WINDOWS\Tasks\PUNWNRG.job 2015-10-08 17:07 - 2015-10-08 17:07 - 00229376 __RSH C:\WINDOWS\SysWOW64\tzutilp.dll 2015-10-08 17:07 - 2015-10-08 17:07 - 00002594 _____ C:\WINDOWS\System32\Tasks\PUNWNRG 2015-09-30 
11:01 - 2015-09-30 11:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf 2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\ProgramData\Apple Computer 2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\Program Files\iTunes 2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\Program Files\iPod 2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\Program Files\Bonjour 2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-09-30 10:53 - 2015-09-30 10:53 - 00000000 ____D C:\ProgramData\Softorino 2015-09-30 10:50 - 2015-09-30 10:50 - 00000000 ____D C:\Program Files (x86)\ThinkSky 2015-09-27 12:42 - 2015-09-27 12:42 - 00000000 ____D C:\Users\Josef\AppData\Local\O&O 2015-09-27 12:41 - 2015-10-18 16:13 - 00002507 _____ C:\Users\Public\Desktop\O&O Defrag.lnk 2015-09-27 12:41 - 2015-09-28 21:58 - 00000000 ____D C:\WINDOWS\system32\oodag 2015-09-27 12:41 - 2015-09-27 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software 2015-09-27 12:41 - 2015-09-27 12:41 - 00000000 ____D C:\Program Files\OO Software 2015-09-27 12:40 - 2015-09-27 12:40 - 00000000 ____D C:\ProgramData\OO Software ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-19 13:33 - 2015-03-21 00:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-10-19 13:33 - 2014-06-14 21:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-10-19 13:31 - 2015-05-09 13:23 - 00000000 ____D C:\Users\Josef\Documents\Outlook-Dateien 2015-10-19 13:25 - 2014-06-14 21:39 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F55D3A2-2388-4DD7-9565-979A5493EF05} 2015-10-19 13:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-19 12:57 - 2015-03-19 08:27 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-19 12:44 - 2015-07-20 17:27 - 00000420 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2015-10-19 12:26 - 2015-05-09 13:39 - 00000000 ____D C:\Users\Josef\AppData\Local\AC8A50B3-8E60-4D77-B3C3-906049DCE764.aplzod 2015-10-19 12:11 - 2014-05-03 17:58 - 01718716 _____ C:\WINDOWS\WindowsUpdate.log 2015-10-19 12:10 - 2014-07-04 15:20 - 01265664 ___SH C:\Users\Josef\Desktop\Thumbs.db 2015-10-19 12:09 - 2014-06-15 13:14 - 00007604 _____ C:\Users\Josef\AppData\Local\Resmon.ResmonCfg 2015-10-19 09:23 - 2014-06-15 13:24 - 00000000 ____D C:\Program Files\raum level 7 2015-10-19 07:03 - 2015-03-19 08:27 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-19 07:03 - 2014-07-04 15:26 - 01056484 _____ C:\ProgramData\lxecscan.log 2015-10-19 07:02 - 2015-03-19 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox 2015-10-19 07:02 - 2015-03-19 08:24 - 00000000 ____D C:\WINDOWS\system32\vbox 2015-10-19 07:02 - 2014-06-14 21:11 - 00000000 __RDO C:\Users\Josef\SkyDrive 2015-10-18 23:36 - 2014-06-14 20:41 - 00000000 ____D C:\Users\Josef 2015-10-18 23:23 - 2014-06-14 20:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2344473906-2606427249-3890557636-1002 2015-10-18 21:32 - 2015-01-10 21:51 - 00000000 ____D C:\WINDOWS\Minidump 2015-10-18 21:32 - 2013-08-22 16:45 - 00000006 ____H 
C:\WINDOWS\Tasks\SA.DAT 2015-10-18 19:13 - 2014-06-14 21:47 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-10-18 19:13 - 2014-06-14 21:47 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-10-18 19:13 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-10-18 19:02 - 2014-05-03 18:20 - 00000000 ____D C:\Program Files (x86)\Amazon 2015-10-18 18:58 - 2014-06-15 08:26 - 00002189 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk 2015-10-18 16:36 - 2013-08-31 18:36 - 00000000 ____D C:\WINDOWS\Panther 2015-10-18 16:13 - 2015-07-20 17:27 - 00002154 _____ C:\Users\Josef\Desktop\HP Photo Creations.lnk 2015-10-18 16:13 - 2015-06-27 11:26 - 00000651 _____ C:\Users\Josef\Desktop\P-Touch.lnk 2015-10-18 16:13 - 2015-05-25 20:23 - 00002122 _____ C:\Users\Josef\Desktop\Sigma Data Center 4.0.lnk 2015-10-18 16:13 - 2015-05-25 20:19 - 00001020 _____ C:\Users\Public\Desktop\Sigma Data Center 2.1.lnk 2015-10-18 16:13 - 2015-05-09 13:30 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-10-18 16:13 - 2015-05-09 12:23 - 00002862 _____ C:\Users\Josef\Desktop\Outlook 2013.lnk 
2015-10-18 16:13 - 2015-05-01 00:33 - 00001103 _____ C:\Users\Public\Desktop\GPS Master 2.0.14.lnk 2015-10-18 16:13 - 2015-04-18 08:55 - 00001448 _____ C:\Users\Josef\Desktop\CopyTrans Control Center.lnk 2015-10-18 16:13 - 2015-04-11 11:25 - 00002183 _____ C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk 2015-10-18 16:13 - 2015-04-11 11:25 - 00001177 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8610.lnk 2015-10-18 16:13 - 2015-04-11 11:25 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2015-10-18 16:13 - 2015-03-21 00:18 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-10-18 16:13 - 2015-03-19 08:28 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-18 16:13 - 2015-03-15 19:23 - 00001923 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk 2015-10-18 16:13 - 2015-02-28 11:16 - 00003035 _____ C:\Users\Josef\Desktop\Excel 2013.lnk 2015-10-18 16:13 - 2015-02-28 11:16 - 00003013 _____ C:\Users\Josef\Desktop\Word 2013.lnk 2015-10-18 16:13 - 2015-02-28 11:16 - 00002935 _____ C:\Users\Josef\Desktop\PowerPoint 2013.lnk 2015-10-18 16:13 - 2015-02-28 11:08 - 00001198 _____ C:\Users\Public\Desktop\Alcohol 52%.lnk 2015-10-18 16:13 - 2015-02-01 15:57 - 00000623 _____ C:\Users\Josef\Desktop\PTLITE10 - Verknüpfung.lnk 2015-10-18 16:13 - 2015-01-24 12:06 - 00001177 _____ C:\Users\Public\Desktop\DYMO Label v.8.lnk 2015-10-18 16:13 - 2014-12-18 18:48 - 00001100 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk 2015-10-18 16:13 - 2014-12-18 18:48 - 00001080 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk 2015-10-18 16:13 - 2014-12-18 18:43 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-10-18 16:13 - 2014-12-18 18:43 - 00002044 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-10-18 16:13 - 2014-12-18 18:35 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\GIMP 2.lnk 2015-10-18 16:13 - 2014-12-10 19:09 - 00002012 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2015-10-18 16:13 - 2014-12-07 13:42 - 00001407 _____ C:\Users\Josef\Desktop\rlTool.lnk 2015-10-18 16:13 - 2014-10-16 18:29 - 00001145 _____ C:\Users\Josef\Desktop\Bewerbung Sabine - Verknüpfung.lnk 2015-10-18 16:13 - 2014-08-30 13:57 - 00001381 _____ C:\Users\Josef\Desktop\svnet - Verknüpfung.lnk 2015-10-18 16:13 - 2014-07-31 22:49 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2015-10-18 16:13 - 2014-06-15 13:24 - 00001595 _____ C:\Users\Josef\Desktop\raum level10.lnk 2015-10-18 16:13 - 2014-06-15 13:24 - 00000801 _____ C:\Users\Public\Desktop\Fernwartung NetViewer.lnk 2015-10-18 16:13 - 2014-06-15 13:24 - 00000776 _____ C:\Users\Public\Desktop\Fernwartung TeamViewer.lnk 2015-10-18 16:13 - 2014-06-15 13:24 - 00000756 _____ C:\Users\Public\Desktop\Zuschnittoptimierung.lnk 2015-10-18 16:13 - 2014-06-15 13:24 - 00000734 _____ C:\Users\Public\Desktop\rlDatev.lnk 2015-10-18 16:13 - 2014-06-14 21:42 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-10-18 16:13 - 2014-06-14 21:42 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-10-18 16:13 - 2014-06-14 21:13 - 00002519 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk 2015-10-18 16:13 - 2014-06-14 21:13 - 00002246 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-10-18 16:13 - 2014-06-14 20:41 - 00001465 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-10-18 16:13 - 2014-05-03 18:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk 2015-10-18 16:13 - 2014-01-04 03:31 - 00002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk 2015-10-18 16:13 - 2013-12-29 12:05 - 00002237 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\PC App Store.lnk 2015-10-17 23:55 - 2014-06-14 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-17 23:55 - 2014-06-14 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-10-17 23:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Web 2015-10-17 19:47 - 2014-06-30 19:57 - 00098816 ___SH C:\Users\Josef\Downloads\Thumbs.db 2015-10-17 19:29 - 2015-03-21 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-17 19:29 - 2015-03-21 00:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-10-17 13:33 - 2014-06-14 21:53 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-10-17 12:38 - 2014-06-21 13:55 - 00003759 _____ C:\Users\Josef\Desktop\Sepa.xml 2015-10-17 10:53 - 2015-03-21 01:32 - 00000000 ____D C:\Users\Josef\Desktop\Alte Firefox-Daten 2015-10-16 17:42 - 2014-05-04 03:48 - 00778714 _____ C:\WINDOWS\system32\perfh007.dat 2015-10-16 17:42 - 2014-05-04 03:48 - 00163510 _____ C:\WINDOWS\system32\perfc007.dat 2015-10-16 17:42 - 2013-08-31 17:40 - 01804290 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-16 16:30 - 2015-01-05 09:57 - 00000000 __SHD C:\Users\Josef\AppData\LocalLow\EmieBrowserModeList 2015-10-16 16:30 - 2014-06-28 12:54 - 00000000 __SHD C:\Users\Josef\AppData\LocalLow\EmieUserList 2015-10-16 16:25 - 2015-01-05 09:57 - 00000000 __SHD C:\Users\Josef\AppData\Local\EmieBrowserModeList 2015-10-16 16:25 - 2014-06-21 19:08 - 00000000 __SHD C:\Users\Josef\AppData\Local\EmieUserList 2015-10-16 16:25 - 2014-06-21 19:08 - 00000000 __SHD C:\Users\Josef\AppData\Local\EmieSiteList 2015-10-16 16:23 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-10-16 16:14 - 2014-06-28 12:54 - 00000000 __SHD C:\Users\Josef\AppData\LocalLow\EmieSiteList 2015-10-16 08:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-10-15 13:04 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-10-15 
07:45 - 2015-02-28 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-10-15 07:45 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-15 07:44 - 2015-02-28 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-10-15 07:42 - 2013-08-22 15:25 - 00000301 _____ C:\WINDOWS\win.ini 2015-10-15 07:38 - 2014-12-10 15:17 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-10-15 07:38 - 2014-07-11 08:09 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-10-14 16:59 - 2015-06-03 10:45 - 00000000 ____D C:\Program Files (x86)\StarMoney 10 2015-10-13 20:17 - 2014-06-14 20:41 - 00000000 ____D C:\Users\Josef\AppData\Local\Packages 2015-10-13 12:36 - 2014-12-26 08:33 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-10-12 17:02 - 2015-04-07 13:17 - 00000000 ____D C:\Users\Josef\Desktop\Bewerbung Severin 2015-10-09 14:38 - 2014-05-03 17:59 - 00000000 ____D C:\ProgramData\AMD 2015-10-09 14:36 - 2014-05-03 17:58 - 00000000 ____D C:\ProgramData\Package Cache 2015-10-09 14:34 - 2014-05-03 17:58 - 00000000 ___HD C:\AMD 2015-10-08 18:06 - 2015-04-06 20:56 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-10-08 18:06 - 2015-04-06 20:56 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-10-08 07:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-10-05 09:50 - 2015-03-21 00:18 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-05 09:50 - 2015-03-21 00:18 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-10-05 09:50 - 2015-03-21 00:18 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-02 16:24 - 2015-03-11 16:32 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-10-02 16:24 - 2015-03-11 16:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-30 11:02 - 2015-05-09 13:32 - 00000000 ____D 
C:\Users\Josef\AppData\Roaming\Apple Computer 2015-09-30 10:59 - 2015-08-16 09:32 - 00000000 ____D C:\Users\Josef\AppData\Local\Apple Computer 2015-09-30 10:58 - 2015-05-09 13:32 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-30 10:57 - 2015-01-24 12:06 - 00000000 ____D C:\ProgramData\Apple 2015-09-22 15:15 - 2014-09-26 13:45 - 00000000 ____D C:\Users\Josef\AppData\Roaming\PlayFirst ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-01-24 12:04 - 2015-01-24 12:06 - 0044120 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2015-05-09 13:17 - 2015-05-09 14:56 - 0028048 _____ () C:\Users\Josef\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2014-12-21 13:47 - 2014-12-21 13:47 - 0004075 _____ () C:\Users\Josef\AppData\Local\recently-used.xbel 2014-06-15 13:14 - 2015-10-19 12:09 - 0007604 _____ () C:\Users\Josef\AppData\Local\Resmon.ResmonCfg 2015-04-11 11:25 - 2015-04-11 11:25 - 0000057 _____ () C:\ProgramData\Ament.ini 2015-03-23 12:56 - 2015-03-23 12:56 - 0000000 _____ () C:\ProgramData\cmn_upld.log 2014-05-03 17:59 - 2014-05-03 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-07-04 15:31 - 2014-07-04 15:31 - 0000252 _____ () C:\ProgramData\FastPics.log 2014-07-04 15:32 - 2015-03-19 15:40 - 0356708 _____ () C:\ProgramData\lxecJSW.log 2014-07-04 15:26 - 2015-10-19 07:03 - 1056484 _____ () C:\ProgramData\lxecscan.log 2015-03-23 12:56 - 2015-03-23 12:56 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log 2014-12-11 16:59 - 2014-12-11 16:59 - 0859891 _____ () C:\ProgramData\SPLCACC.tmp 2014-07-04 15:30 - 2014-07-04 15:30 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Einige Dateien in TEMP: ==================== C:\Users\Josef\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-12 07:15

==================== Ende von FRST.txt ============================

4. Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-10-2015
durchgeführt von Josef (2015-10-19 13:40:57)
Gestartet von C:\Users\Josef\Desktop
Windows 8.1 (X64) (2014-06-14 18:41:20)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2344473906-2606427249-3890557636-500 - Administrator - Disabled)
Gast (S-1-5-21-2344473906-2606427249-3890557636-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2344473906-2606427249-3890557636-1004 - Limited - Enabled)
Josef (S-1-5-21-2344473906-2606427249-3890557636-1002 - Administrator - Enabled) => C:\Users\Josef

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) CopyTrans Control Center deinstallieren (HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\CopyTrans Suite) (Version: 3.01 - WindSolutions) CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo) DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation) FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden GPS Master 2.0.14 (HKLM-x32\...\GPS Master_is1) (Version: 1.0 - GPS Master) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard) HP Photo Creations (HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\HP Photo Creations) (Version: 1.0.0.18922 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.) LCS USB Device Server (HKLM-x32\...\{FC9F1D8E-D3C0-47D4-A2E0-9634E3D48BDA}) (Version: 2.41 - Ihr Firmenname) Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) 
Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited) Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.) LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro) O&O Defrag Professional (HKLM\...\{0733BC2F-BB0F-47DC-A86F-957B15EE11DD}) (Version: 19.0.87 - O&O Software GmbH) OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Outils de vérification 
linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) raum level10 (HKLM-x32\...\raum level10) (Version: raum level9.1 - Kaiser edv-Konzept) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.11.0 - Lenovo Group Limited) Sigma Data Center 2.1 (HKLM-x32\...\SigmaDataCenter21.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.1.0 - Sigma Elektro GmbH) Sigma Data Center 2.1 (x32 Version: 2.1.0 - Sigma Elektro GmbH) Hidden Sigma Data Center 4.0 (HKLM-x32\...\Sigma Data Center4.0) (Version: 4.0 - Sigma Elektro GmbH) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories) StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM-x32\...\{9ED2609F-7D30-4F44-B706-5EDAA730FE3E}) (Version: 10 - Star Finanz GmbH) sv.net (HKLM-x32\...\sv.net) (Version: 15.1 - ITSG GmbH) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports (01/04/2013 5.1.2600.5512) (HKLM\...\08AE394D2BC5301A3A34A857B6DA63FB7C7B050A) (Version: 01/04/2013 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows-Treiberpaket - Sunplus (SPCP825K) Ports (07/01/2010 1.0.9.0) (HKLM\...\20986CDBFBCA238AA12329A115B1CC9D88E9C06C) (Version: 07/01/2010 1.0.9.0 - Sunplus)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version: - Zylom Games)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {153E23A6-D147-4C5E-A0D9-5347E64F28FD} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Josef\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-07-25] ()
Task: {1BF1A238-FB61-4BB5-B309-5D3936A88870} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {416843E6-F848-422D-B8E1-02F71893136C} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {509850F1-C6B5-4A89-A1A2-B7640F5EB5AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-18] (AVAST Software)
Task: {57CDE412-2211-41BF-98B8-A7A3E7501299} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C8FD064-429B-469D-A92B-F46481443B5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {6598DC21-5AA5-45F1-8DED-2705A4A33A7C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {66B7119F-923E-4606-91B4-E5A7F4E138A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6C98F6D7-CC14-44EA-8FFC-92F841433837} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {73052BCE-260E-477E-955A-A1E968C4BC8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {7350272A-8B71-4D47-8E52-FB90E2EAE17B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {81157E6A-3277-4FBB-AE87-BBD9D2C0ECA7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\CompatTelRunner.exe [2015-09-19] (Microsoft Corporation)
Task: {9050BF4D-E8A1-4B94-A9FE-3CAD6DBD1718} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {942035DE-33D8-420A-82C3-1E2AC69F6DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A117A975-A939-4DF8-A3B5-EC7F54F6E36F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B113C27C-9CAB-4BB0-90B0-CE568F7FB81E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C6A80DFC-A4F7-4D68-9BE1-058E977C797D} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {C809464A-EF4A-4694-BAB7-0A2C45928E12} - System32\Tasks\PUNWNRG => Rundll32.exe "C:\WINDOWS\SysWOW64\tzutilp.dll",USHURS
Task: {E8F75B39-77D4-4D55-915E-8648C140A374} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {EC8690D4-3856-41CE-9388-E5E784BF6372} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {EFB8AD79-6D4F-4D38-AC66-76172A97868D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F0EAB462-0ACE-4818-A259-19E4199D2489} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Josef\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\PUNWNRG.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\tzutilp.dll

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-04 15:27 - 2009-11-04 13:18 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-03 18:00 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-05-03 18:24 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-07-04 15:30 - 2013-01-23 13:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2014-07-04 15:30 - 2013-01-23 13:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2014-05-03 18:00 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2012-09-25 10:03 - 2012-09-25 10:03 - 05542400 _____ () C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe
2015-08-04 00:25 - 2015-08-04 00:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-10-18 19:13 - 2015-10-18 19:13 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-18 19:13 - 2015-10-18 19:13 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-18 18:56 - 2015-10-18 18:56 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101801\algo.dll
2015-10-19 13:16 - 2015-10-19 13:16 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101900\algo.dll
2015-08-04 08:02 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2014-07-04 15:30 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2014-07-04 15:30 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2014-07-04 15:30 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2014-07-04 15:30 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2014-07-04 15:30 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2014-07-04 15:30 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2014-07-04 15:30 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2014-07-04 15:30 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2014-07-04 15:30 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2014-07-04 15:30 - 2009-06-23 06:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2014-07-04 15:30 - 2009-06-23 06:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2014-07-04 15:30 - 2009-06-23 06:11 - 00102400 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2014-07-04 15:30 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2014-07-04 15:30 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-05-03 18:00 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-10-18 19:13 - 2015-10-18 19:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Josef\SkyDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Josef\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{14FE2D70-D55E-4BB6-ABC1-7808B8CB6C22}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{03DA3C43-8124-4BCD-8137-F9DAA5A3FA84}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BBFEC3BD-45CA-4566-BF8C-B8E3FEDF08DE}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7268A5A1-2124-4B40-A018-E84DDC6608C7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F2E7BFB3-28C6-4905-95E4-E6117C5704A7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{80DB8452-3709-4F3A-90E6-9B7662384B89}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{6D7E8ED9-7B12-450D-B47D-174674E514D5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{8160F066-E1FF-4A2B-9E21-02FD9CDFEC6F}] => (Allow) C:\Users\Josef\AppData\Local\Apps\2.0\H2JP4T58.8NZ\KG6PJACM.6YH\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [{3AB47C36-75AF-4519-8D6E-D894D578F38E}] => (Allow) C:\Users\Josef\AppData\Local\Apps\2.0\H2JP4T58.8NZ\KG6PJACM.6YH\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F69EDECC-1FC9-46AB-A20B-766C6CE0DBF9}] => (Allow) C:\WINDOWS\system32\lxeccoms.exe
FirewallRules: [{C68D86CF-0F21-4870-848B-72233EC9DD89}] => (Allow) C:\WINDOWS\system32\LXECcoms.exe
FirewallRules: [{4B5EE771-0AA3-4894-AD39-222885F1C82A}] => (Allow) C:\WINDOWS\system32\LXECcoms.exe
FirewallRules: [TCP Query User{89FA5209-6E69-47CE-9B2D-94B7DCF0B0CA}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [UDP Query User{2D46FAF1-A66F-428F-B6FE-73D5AC6F940C}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [TCP Query User{8BAF266E-3872-4F47-BCBA-EBE12DD33D1C}C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{3FE0C159-0D44-4D77-8531-67C8F1529C35}C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [TCP Query User{7F374F63-AEB2-4C67-A510-02A8CD1F62AC}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [UDP Query User{A526AC58-B9E8-46B2-B9B0-5210A35A5153}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [{8598F5C9-BA35-4290-8DD9-E44EBF23E419}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5D652749-9E40-4A06-89EE-0805EBEAEB5C}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{28704746-0906-46B6-A310-CF4417FB9E23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68FCD1DC-8B06-42FD-BF1C-03583575CA25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7D29D210-D905-491E-BCC7-0D1AFB6F3C90}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{81A1CE36-075B-45B8-89E2-734790340B48}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E379C5B0-4193-47C6-BBFF-AAC7AE82CECB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{0D88B932-9E42-4658-8111-203ADD9FD834}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{C59E9EAF-521D-4C98-B732-6930C48F110B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{A089564E-3392-47BD-A427-42BBC5B3533A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{EAE1E539-E5E5-4812-A3D3-65D2D3445061}] => (Allow) LPort=5357
FirewallRules: [{4D5443C7-5677-412E-910A-9101A9F34D20}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A3A4EAD4-F6B3-42C8-8272-DA564BA28B5B}] => (Allow) C:\Program Files (x86)\GPS Master 2.0.14\GPS Master.exe
FirewallRules: [{98ABDE46-BAA0-44C1-86F6-9296B770434B}] => (Allow) C:\Program Files (x86)\GPS Master 2.0.14\GPS Master.exe
FirewallRules: [{B1AE9B5D-057A-4230-85AF-4E2181D8CB55}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{F3D00612-A962-4E65-B6C8-8A2DEB671E45}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7AA39C28-B17F-48E3-93ED-037C730AB691}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{7CAC8C95-EA8D-4002-AE50-B325398A0175}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{4A3AA770-8DC8-4C46-AE68-2CC21F3E7268}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C85B6AA7-F6EA-4A8B-9F0C-B4650A153788}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{70310C3C-993F-487C-B7E3-316504F36DAF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{596E9EBB-0A5D-416F-8D3D-B6144B656AA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7BB832B1-953A-41D3-AB91-D351F26958BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3812B759-CECB-49ED-9B4C-414BB355B8F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD741C1A-E041-487F-9BE5-6EA7F79B9B57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB10A816-F484-4928-A82A-607DEB539A0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B97E5878-3E9D-459E-BC50-5F9705299CFD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F730DD7F-441A-4F02-A106-1C42F6792994}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0FCFC1E8-0BBD-419E-87D2-DD1A13820FF2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{BB00BF90-1B6F-4ADE-8CD4-B0BD57B5A91F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5EE03D54-EF00-4B3B-9370-3F0F7D0C3244}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E6F46888-84D8-44C3-9CF1-A75248BE9AB6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4A0FEE90-6B51-48E4-91DD-69405805D430}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9A909522-A7F4-4F67-8278-CAF9B7C96366}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/19/2015 07:06:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „soluteGmbH.billiger.deforLenovo_r04g846gqtkq0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance(CLSID_VSSCoordinator)" ist ein unerwarteter Fehler aufgetreten. hr = 0x800401f0, CoInitialize wurde nicht aufgerufen. .

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x800401f0, CoInitialize wurde nicht aufgerufen. ]

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance(CLSID_VSSCoordinator)" ist ein unerwarteter Fehler aufgetreten. hr = 0x800401f0, CoInitialize wurde nicht aufgerufen. .

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x800401f0, CoInitialize wurde nicht aufgerufen. ]

Error: (10/18/2015 08:25:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 08:25:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 08:25:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „soluteGmbH.billiger.deforLenovo_r04g846gqtkq0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 08:01:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „soluteGmbH.billiger.deforLenovo_r04g846gqtkq0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 07:15:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance(CLSID_VSSCoordinator)" ist ein unerwarteter Fehler aufgetreten. hr = 0x800401f0, CoInitialize wurde nicht aufgerufen. .

Systemfehler:
=============
Error: (10/19/2015 01:20:56 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (10/18/2015 11:36:14 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOPC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/18/2015 09:33:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/18/2015 09:33:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (10/18/2015 09:32:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000119 (0x0000000000000002, 0xffffffffc000000d, 0xffffd00024be66e0, 0xffffe001b0594300)C:\WINDOWS\MEMORY.DMP101815-20328-01

Error: (10/18/2015 09:32:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.10.2015 um 21:14:15 unerwartet heruntergefahren.

Error: (10/18/2015 08:29:52 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (10/18/2015 07:14:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/18/2015 07:14:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (10/18/2015 07:09:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

CodeIntegrity:
===================================
Date: 2015-06-25 10:16:11.587
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-19 07:39:21.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: AMD A10-6700 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 7358.7 MB
Verfügbarer physikalischer RAM: 4439.79 MB
Summe virtueller Speicher: 14782.7 MB
Verfügbarer virtueller Speicher: 11477.45 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:834.51 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: () (Fixed) (Total:186.3 GB) (Free:17.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E4621F56)
Partition: GPT.

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 3F8BD79B)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1521 KB) (Disk ID: 00000000)
Partition: GPT.

==================== Ende von Addition.txt ============================

Edited by Gangster (19.10.2015 at 13:10) |
19.10.2015, 12:53 | #4 |
| rundll32.exe causing massive traffic

And one more part.

And TDSSKiller

Code:
ATTFilter
13:44:01.0974 0x14d8 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
13:44:01.0990 0x14d8 UEFI system
13:44:06.0396 0x14d8 ============================================================
13:44:06.0396 0x14d8 Current date / time: 2015/10/19 13:44:06.0396
13:44:06.0396 0x14d8 SystemInfo:
13:44:06.0396 0x14d8
13:44:06.0396 0x14d8 OS Version: 6.3.9600 ServicePack: 0.0
13:44:06.0396 0x14d8 Product type: Workstation
13:44:06.0396 0x14d8 ComputerName: LENOVOPC
13:44:06.0396 0x14d8 UserName: Josef
13:44:06.0396 0x14d8 Windows directory: C:\WINDOWS
13:44:06.0396 0x14d8 System windows directory: C:\WINDOWS
13:44:06.0396 0x14d8 Running under WOW64
13:44:06.0396 0x14d8 Processor architecture: Intel x64
13:44:06.0396 0x14d8 Number of processors: 4
13:44:06.0396 0x14d8 Page size: 0x1000
13:44:06.0397 0x14d8 Boot type: Normal boot
13:44:06.0397 0x14d8 ============================================================
13:44:07.0649 0x14d8 KLMD registered as C:\WINDOWS\system32\drivers\85651765.sys
13:44:08.0158 0x14d8 System UUID: {3AA337BB-AA60-53CC-D1D3-4257DB0C5426}
13:44:08.0862 0x14d8 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:08.0894 0x14d8 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 ( 186.31 Gb ), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:08.0906 0x14d8 Drive \Device\Harddisk2\DR3 - Size: 0x17C200 ( 0.00 Gb ), SectorSize: 0x200, Cylinders: 0xBE1, SectorsPerTrack: 0x1, TracksPerCylinder: 0x1, Type 'W'
13:44:08.0909 0x14d8 ============================================================
13:44:08.0909 0x14d8 \Device\Harddisk0\DR0:
13:44:08.0909 0x14d8 GPT partitions:
13:44:08.0937 0x14d8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {70248DF4-AA27-4A09-8B92-B3A9E27552F6}, Name: , StartLBA 0x800, BlocksNum 0x1F4000
13:44:08.0937 0x14d8 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {867C6BE8-2AD8-4419-930A-1219219EB17A}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
13:44:08.0937 0x14d8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {1853C072-DF79-4526-BE0C-D6F7BA238BD1}, Name: , StartLBA 0x276800, BlocksNum 0xFA000
13:44:08.0937 0x14d8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4A47D653-8620-464A-883F-F703E26D63AD}, Name: Microsoft reserved partition, StartLBA 0x370800, BlocksNum 0x40000
13:44:08.0937 0x14d8 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {39D414D4-E6AE-405A-8A9C-42805DD20FCA}, Name: Basic data partition, StartLBA 0x3B0800, BlocksNum 0x71282000
13:44:08.0937 0x14d8 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9D8628C4-E9F2-46B3-B6F0-D6E5E1BAFFE3}, Name: , StartLBA 0x71632800, BlocksNum 0x30D4000
13:44:08.0937 0x14d8 MBR partitions:
13:44:08.0937 0x14d8 \Device\Harddisk1\DR1:
13:44:08.0938 0x14d8 MBR partitions:
13:44:08.0938 0x14d8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
13:44:08.0938 0x14d8 \Device\Harddisk2\DR3:
13:44:08.0939 0x14d8 MBR partitions:
13:44:08.0939 0x14d8 \Device\Harddisk2\DR3\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xBE0
13:44:08.0939 0x14d8 ============================================================
13:44:08.0960 0x14d8 C: <-> \Device\Harddisk0\DR0\Partition5
13:44:08.0975 0x14d8 E: <-> \Device\Harddisk1\DR1\Partition1
13:44:08.0975 0x14d8 ============================================================
13:44:08.0975 0x14d8 Initialize success
13:44:08.0975 0x14d8 ============================================================
13:44:32.0765 0x0770 ============================================================
13:44:32.0765 0x0770 Scan started
13:44:32.0765 0x0770 Mode: Manual; SigCheck; TDLFS;
13:44:32.0765 0x0770 ============================================================
13:44:32.0765 0x0770 KSN ping started
13:44:36.0415 0x0770 KSN ping finished: true
13:44:40.0374 0x0770 ================ Scan system memory ========================
13:44:40.0374 0x0770 System memory - ok
13:44:40.0375 0x0770 ================ Scan services =============================
0x0770 atapi - ok 13:44:44.0361 0x0770 [ AF6DD5993D46AF2492C19E1FF6D9A04C, 720F27791FF5D486AD07A447A4BC44D137AA245B91CE1D624E40B1DA78B6CACF ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWB6.sys 13:44:44.0408 0x0770 AtiHDAudioService - ok 13:44:44.0436 0x0770 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 13:44:44.0468 0x0770 AudioEndpointBuilder - ok 13:44:44.0507 0x0770 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 13:44:44.0541 0x0770 Audiosrv - ok 13:44:44.0578 0x0770 [ 11120878E5276B367E1A10FF8C9B595B, 7C02EEF3733307C31BAC4DA9975EC017AC40D0893D88228C30FFAA536DAA73FB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 13:44:44.0590 0x0770 avast! Antivirus - ok 13:44:44.0715 0x0770 [ CF5F47B708C539A40EBBDD7E4675FADA, F324726EB8E5B5A3DB74DC7E78B7141999E2677F1B607D6DEF809C1DA92D4A68 ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe 13:44:44.0835 0x0770 AvastVBoxSvc - ok 13:44:44.0864 0x0770 [ 6A300AD0E23A155B2C3A7FAB0D4AABD1, AD283CC530482C0C155727C3234BFA4773C8C80B4C9912448196F83407C3CFD4 ] avmaura C:\WINDOWS\System32\drivers\avmaura.sys 13:44:44.0939 0x0770 avmaura - ok 13:44:45.0005 0x0770 [ 7692F4B242E45870873CAF4CB85CF769, 9D28627FD73F62134792528A9D2F2FCCBB0FDD7E45D8D7D816B9FC3C07AE4CA2 ] AxAutoMntSrv C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe 13:44:45.0015 0x0770 AxAutoMntSrv - ok 13:44:45.0034 0x0770 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 13:44:45.0059 0x0770 AxInstSV - ok 13:44:45.0084 0x0770 [ CF3424DE4891AC43AD372ECD457B8E50, F15843F9BBC42CD59072DE652C193CDE1951FBC1B364FE8C3B65D0A45F461237 ] axscsidrv C:\WINDOWS\system32\drivers\axscsidrv.sys 13:44:45.0178 
0x0770 axscsidrv - ok 13:44:45.0205 0x0770 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 13:44:45.0282 0x0770 b06bdrv - ok 13:44:45.0303 0x0770 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 13:44:45.0397 0x0770 BasicDisplay - ok 13:44:45.0429 0x0770 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 13:44:45.0504 0x0770 BasicRender - ok 13:44:45.0519 0x0770 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 13:44:45.0581 0x0770 bcmfn2 - ok 13:44:45.0621 0x0770 [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 13:44:45.0654 0x0770 BDESVC - ok 13:44:45.0659 0x0770 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys 13:44:45.0790 0x0770 Beep - ok 13:44:45.0834 0x0770 [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE C:\WINDOWS\System32\bfe.dll 13:44:45.0888 0x0770 BFE - ok 13:44:45.0922 0x0770 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll 13:44:45.0965 0x0770 BITS - ok 13:44:45.0998 0x0770 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:44:46.0015 0x0770 Bonjour Service - ok 13:44:46.0031 0x0770 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser 
C:\WINDOWS\system32\DRIVERS\bowser.sys 13:44:46.0106 0x0770 bowser - ok 13:44:46.0137 0x0770 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 13:44:46.0167 0x0770 BrokerInfrastructure - ok 13:44:46.0190 0x0770 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll 13:44:46.0218 0x0770 Browser - ok 13:44:46.0232 0x0770 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 13:44:46.0259 0x0770 BthAvrcpTg - ok 13:44:46.0275 0x0770 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 13:44:46.0336 0x0770 BthHFEnum - ok 13:44:46.0340 0x0770 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 13:44:46.0399 0x0770 bthhfhid - ok 13:44:46.0429 0x0770 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 13:44:46.0452 0x0770 BthHFSrv - ok 13:44:46.0470 0x0770 [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 13:44:46.0547 0x0770 BTHMODEM - ok 13:44:46.0582 0x0770 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll 13:44:46.0600 0x0770 bthserv - ok 13:44:46.0612 0x0770 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 13:44:46.0666 0x0770 cdfs - ok 13:44:46.0684 0x0770 [ C6796EA22B513E3457514D92DCDB1A3D, 
2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 13:44:46.0779 0x0770 cdrom - ok 13:44:46.0805 0x0770 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 13:44:46.0832 0x0770 CertPropSvc - ok 13:44:46.0849 0x0770 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 13:44:46.0906 0x0770 circlass - ok 13:44:46.0939 0x0770 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 13:44:46.0972 0x0770 CLFS - ok 13:44:46.0986 0x0770 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 13:44:47.0044 0x0770 CmBatt - ok 13:44:47.0058 0x0770 [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 13:44:47.0172 0x0770 CNG - ok 13:44:47.0187 0x0770 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys 13:44:47.0257 0x0770 CompositeBus - ok 13:44:47.0262 0x0770 COMSysApp - ok 13:44:47.0282 0x0770 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys 13:44:47.0337 0x0770 condrv - ok 13:44:47.0366 0x0770 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 13:44:47.0389 0x0770 CryptSvc - ok 13:44:47.0407 0x0770 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys 13:44:47.0457 0x0770 
dam - ok 13:44:47.0477 0x0770 [ 881D881EA7B54BA294F01FD028F034BD, F79569D463C98374DEE491D0C6FD1D916E27CFB8B0529113B8229C9751DDBDD8 ] dc3d C:\WINDOWS\System32\drivers\dc3d.sys 13:44:47.0490 0x0770 dc3d - ok 13:44:47.0534 0x0770 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 13:44:47.0587 0x0770 DcomLaunch - ok 13:44:47.0625 0x0770 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll 13:44:47.0670 0x0770 defragsvc - ok 13:44:47.0698 0x0770 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 13:44:47.0736 0x0770 DeviceAssociationService - ok 13:44:47.0768 0x0770 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 13:44:47.0804 0x0770 DeviceInstall - ok 13:44:47.0825 0x0770 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 13:44:47.0950 0x0770 Dfsc - ok 13:44:47.0982 0x0770 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 13:44:48.0003 0x0770 Dhcp - ok 13:44:48.0073 0x0770 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\WINDOWS\system32\diagtrack.dll 13:44:48.0155 0x0770 DiagTrack - ok 13:44:48.0174 0x0770 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys 13:44:48.0254 0x0770 disk - ok 13:44:48.0269 0x0770 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc 
C:\WINDOWS\System32\drivers\dmvsc.sys 13:44:48.0310 0x0770 dmvsc - ok 13:44:48.0336 0x0770 [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 13:44:48.0354 0x0770 Dnscache - ok 13:44:48.0380 0x0770 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll 13:44:48.0408 0x0770 dot3svc - ok 13:44:48.0435 0x0770 [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys 13:44:48.0478 0x0770 dot4 - ok 13:44:48.0493 0x0770 [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\WINDOWS\System32\drivers\Dot4Prt.sys 13:44:48.0555 0x0770 Dot4Print - ok 13:44:48.0560 0x0770 [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys 13:44:48.0575 0x0770 dot4usb - ok 13:44:48.0611 0x0770 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll 13:44:48.0628 0x0770 DPS - ok 13:44:48.0654 0x0770 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 13:44:48.0699 0x0770 drmkaud - ok 13:44:48.0722 0x0770 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 13:44:48.0740 0x0770 DsmSvc - ok 13:44:48.0794 0x0770 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 13:44:48.0970 0x0770 DXGKrnl - ok 13:44:49.0013 0x0770 [ F2397C6E0212802C6DAB9D338F920B84, 
30542EF4E8DB7EA0310BDC861FAC7091836B682D0FC864E512FB5A8FC3725A03 ] DymoPnpService C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe 13:44:49.0021 0x0770 DymoPnpService - ok 13:44:49.0033 0x0770 [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress C:\WINDOWS\system32\DRIVERS\e1i63x64.sys 13:44:49.0102 0x0770 e1iexpress - ok 13:44:49.0132 0x0770 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll 13:44:49.0156 0x0770 Eaphost - ok 13:44:49.0245 0x0770 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 13:44:49.0357 0x0770 ebdrv - ok 13:44:49.0375 0x0770 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe 13:44:49.0388 0x0770 EFS - ok 13:44:49.0408 0x0770 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 13:44:49.0446 0x0770 EhStorClass - ok 13:44:49.0459 0x0770 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 13:44:49.0522 0x0770 EhStorTcgDrv - ok 13:44:49.0542 0x0770 [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc C:\WINDOWS\system32\EscSvc64.exe 13:44:49.0553 0x0770 EpsonScanSvc - ok 13:44:49.0557 0x0770 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 13:44:49.0600 0x0770 ErrDev - ok 13:44:49.0647 0x0770 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem 
C:\WINDOWS\system32\es.dll 13:44:49.0680 0x0770 EventSystem - ok 13:44:49.0697 0x0770 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys 13:44:49.0761 0x0770 exfat - ok 13:44:49.0770 0x0770 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 13:44:49.0849 0x0770 fastfat - ok 13:44:49.0889 0x0770 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe 13:44:49.0929 0x0770 Fax - ok 13:44:49.0941 0x0770 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 13:44:49.0973 0x0770 fdc - ok 13:44:49.0998 0x0770 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 13:44:50.0025 0x0770 fdPHost - ok 13:44:50.0045 0x0770 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll 13:44:50.0068 0x0770 FDResPub - ok 13:44:50.0091 0x0770 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 13:44:50.0118 0x0770 fhsvc - ok 13:44:50.0131 0x0770 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 13:44:50.0168 0x0770 FileInfo - ok 13:44:50.0182 0x0770 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 13:44:50.0220 0x0770 Filetrace - ok 13:44:50.0230 0x0770 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk 
C:\WINDOWS\System32\drivers\flpydisk.sys 13:44:50.0344 0x0770 flpydisk - ok 13:44:50.0384 0x0770 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 13:44:50.0471 0x0770 FltMgr - ok 13:44:50.0522 0x0770 [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache C:\WINDOWS\system32\FntCache.dll 13:44:50.0608 0x0770 FontCache - ok 13:44:50.0671 0x0770 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:44:50.0684 0x0770 FontCache3.0.0.0 - ok 13:44:50.0709 0x0770 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 13:44:50.0740 0x0770 FsDepends - ok 13:44:50.0752 0x0770 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:44:50.0803 0x0770 Fs_Rec - ok 13:44:50.0840 0x0770 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 13:44:50.0973 0x0770 fvevol - ok 13:44:50.0986 0x0770 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys 13:44:51.0054 0x0770 FxPPM - ok 13:44:51.0060 0x0770 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 13:44:51.0138 0x0770 gagp30kx - ok 13:44:51.0159 0x0770 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 13:44:51.0185 0x0770 gencounter - ok 13:44:51.0211 
0x0770 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 13:44:51.0235 0x0770 GPIOClx0101 - ok 13:44:51.0286 0x0770 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 13:44:51.0353 0x0770 gpsvc - ok 13:44:51.0396 0x0770 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:44:51.0407 0x0770 gupdate - ok 13:44:51.0413 0x0770 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:44:51.0423 0x0770 gupdatem - ok 13:44:51.0448 0x0770 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 13:44:51.0501 0x0770 HdAudAddService - ok 13:44:51.0532 0x0770 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 13:44:51.0596 0x0770 HDAudBus - ok 13:44:51.0608 0x0770 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 13:44:51.0643 0x0770 HidBatt - ok 13:44:51.0668 0x0770 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 13:44:51.0733 0x0770 HidBth - ok 13:44:51.0751 0x0770 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 13:44:51.0770 0x0770 hidi2c - ok 13:44:51.0775 0x0770 [ 9BDDEE26255421017E161CCB9D5EDA95, 
B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 13:44:51.0819 0x0770 HidIr - ok 13:44:51.0840 0x0770 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll 13:44:51.0868 0x0770 hidserv - ok 13:44:51.0888 0x0770 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 13:44:51.0968 0x0770 HidUsb - ok 13:44:51.0991 0x0770 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 13:44:52.0017 0x0770 hkmsvc - ok 13:44:52.0046 0x0770 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 13:44:52.0088 0x0770 HomeGroupListener - ok 13:44:52.0115 0x0770 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 13:44:52.0138 0x0770 HomeGroupProvider - ok 13:44:52.0145 0x0770 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 13:44:52.0177 0x0770 HpSAMD - ok 13:44:52.0224 0x0770 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 13:44:52.0321 0x0770 HTTP - ok 13:44:52.0335 0x0770 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 13:44:52.0398 0x0770 hwpolicy - ok 13:44:52.0422 0x0770 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 13:44:52.0451 0x0770 hyperkbd - ok 
13:44:52.0456 0x0770 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 13:44:52.0486 0x0770 HyperVideo - ok 13:44:52.0508 0x0770 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 13:44:52.0538 0x0770 i8042prt - ok 13:44:52.0544 0x0770 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 13:44:52.0587 0x0770 iaLPSSi_GPIO - ok 13:44:52.0592 0x0770 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 13:44:52.0643 0x0770 iaLPSSi_I2C - ok 13:44:52.0672 0x0770 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 13:44:52.0759 0x0770 iaStorAV - ok 13:44:52.0772 0x0770 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 13:44:52.0825 0x0770 iaStorV - ok 13:44:52.0859 0x0770 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:44:52.0865 0x0770 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 13:44:53.0104 0x0770 Detect skipped due to KSN trusted 13:44:53.0104 0x0770 IDriverT - ok 13:44:53.0109 0x0770 IEEtwCollectorService - ok 13:44:53.0168 0x0770 [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\WINDOWS\System32\ikeext.dll 13:44:53.0228 0x0770 IKEEXT - ok 13:44:53.0331 0x0770 [ 7696A7DD814ECEDE5DF5A2243C6B2457, 
DB9173F3A8FF627D81FE923A3F6DD0FC7F944552C2DFC0D51B8FF8EDAC47076A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 13:44:53.0505 0x0770 IntcAzAudAddService - ok 13:44:53.0515 0x0770 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 13:44:53.0552 0x0770 intelide - ok 13:44:53.0581 0x0770 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 13:44:53.0603 0x0770 intelpep - ok 13:44:53.0609 0x0770 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 13:44:53.0634 0x0770 intelppm - ok 13:44:53.0640 0x0770 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:44:53.0697 0x0770 IpFilterDriver - ok 13:44:53.0737 0x0770 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 13:44:53.0775 0x0770 iphlpsvc - ok 13:44:53.0800 0x0770 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 13:44:53.0833 0x0770 IPMIDRV - ok 13:44:53.0857 0x0770 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 13:44:53.0904 0x0770 IPNAT - ok 13:44:53.0955 0x0770 [ 57A85230DA22ABCFD9AF2E5A3D946F41, 9E9217FF5AB64D06D79632B9F9CEDABA10F744C40896D7622D0FD397FD0E99BF ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:44:53.0979 0x0770 iPod Service - ok 13:44:53.0985 0x0770 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM 
C:\WINDOWS\system32\drivers\irenum.sys 13:44:54.0041 0x0770 IRENUM - ok 13:44:54.0059 0x0770 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 13:44:54.0093 0x0770 isapnp - ok 13:44:54.0128 0x0770 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 13:44:54.0170 0x0770 iScsiPrt - ok 13:44:54.0192 0x0770 [ E2CFDA7E9606FD5ECAB93E4817414661, F60A1EFFD7EB9D69620E971AB30D3FF4138D233A6EDE51CFD1BE8CCB5776E321 ] JME Keyboard C:\Windows\jmesoft\Service.exe 13:44:54.0198 0x0770 JME Keyboard - detected UnsignedFile.Multi.Generic ( 1 ) 13:44:54.0455 0x0770 Detect skipped due to KSN trusted 13:44:54.0455 0x0770 JME Keyboard - ok 13:44:54.0467 0x0770 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 13:44:54.0517 0x0770 kbdclass - ok 13:44:54.0539 0x0770 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 13:44:54.0568 0x0770 kbdhid - ok 13:44:54.0579 0x0770 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 13:44:54.0621 0x0770 kdnic - ok 13:44:54.0647 0x0770 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe 13:44:54.0660 0x0770 KeyIso - ok 13:44:54.0689 0x0770 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 13:44:54.0723 0x0770 KSecDD - ok 13:44:54.0740 0x0770 [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg 
13:45:10.0154 0x0770 Tcpip - ok 13:45:10.0210 0x0770 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:45:10.0315 0x0770 TCPIP6 - ok 13:45:10.0346 0x0770 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 13:45:10.0415 0x0770 tcpipreg - ok 13:45:10.0440 0x0770 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 13:45:10.0508 0x0770 tdx - ok 13:45:10.0521 0x0770 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 13:45:10.0552 0x0770 terminpt - ok 13:45:10.0598 0x0770 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll 13:45:10.0656 0x0770 TermService - ok 13:45:10.0687 0x0770 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll 13:45:10.0703 0x0770 Themes - ok 13:45:10.0727 0x0770 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll 13:45:10.0768 0x0770 THREADORDER - ok 13:45:10.0810 0x0770 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 13:45:10.0858 0x0770 TimeBroker - ok 13:45:10.0868 0x0770 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys 13:45:10.0909 0x0770 TPM - ok 13:45:10.0929 0x0770 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks 
C:\WINDOWS\System32\trkwks.dll 13:45:10.0947 0x0770 TrkWks - ok 13:45:10.0989 0x0770 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 13:45:11.0005 0x0770 TrustedInstaller - ok 13:45:11.0021 0x0770 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 13:45:11.0084 0x0770 TsUsbFlt - ok 13:45:11.0110 0x0770 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 13:45:11.0159 0x0770 TsUsbGD - ok 13:45:11.0175 0x0770 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 13:45:11.0232 0x0770 tunnel - ok 13:45:11.0238 0x0770 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys 13:45:11.0276 0x0770 uagp35 - ok 13:45:11.0284 0x0770 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 13:45:11.0306 0x0770 UASPStor - ok 13:45:11.0360 0x0770 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys 13:45:11.0420 0x0770 UCX01000 - ok 13:45:11.0444 0x0770 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 13:45:11.0481 0x0770 udfs - ok 13:45:11.0495 0x0770 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 13:45:11.0518 0x0770 UEFI - ok 13:45:11.0542 0x0770 [ A867F0F978EE64C87FADC3B100869EE4, 
2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 13:45:11.0565 0x0770 UI0Detect - ok 13:45:11.0571 0x0770 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 13:45:11.0601 0x0770 uliagpkx - ok 13:45:11.0609 0x0770 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys 13:45:11.0641 0x0770 umbus - ok 13:45:11.0660 0x0770 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 13:45:11.0697 0x0770 UmPass - ok 13:45:11.0732 0x0770 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 13:45:11.0755 0x0770 UmRdpService - ok 13:45:11.0785 0x0770 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll 13:45:11.0810 0x0770 upnphost - ok 13:45:11.0841 0x0770 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys 13:45:11.0905 0x0770 USBAAPL64 - ok 13:45:11.0943 0x0770 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 13:45:11.0966 0x0770 usbccgp - ok 13:45:11.0981 0x0770 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 13:45:12.0018 0x0770 usbcir - ok 13:45:12.0042 0x0770 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 13:45:12.0088 0x0770 usbehci - ok 
13:45:12.0125 0x0770 [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter C:\WINDOWS\system32\DRIVERS\usbfilter.sys 13:45:12.0149 0x0770 usbfilter - ok 13:45:12.0188 0x0770 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 13:45:12.0231 0x0770 usbhub - ok 13:45:12.0268 0x0770 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 13:45:12.0311 0x0770 USBHUB3 - ok 13:45:12.0334 0x0770 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 13:45:12.0379 0x0770 usbohci - ok 13:45:12.0385 0x0770 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 13:45:12.0413 0x0770 usbprint - ok 13:45:12.0432 0x0770 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\System32\drivers\usbscan.sys 13:45:12.0457 0x0770 usbscan - ok 13:45:12.0475 0x0770 [ 029DFB6E5B38ADD45561A8CE0F60B331, 09F616C1F17CB8D51D19017D6AD02479B709A713349AC69CFFED695ABFD753D2 ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys 13:45:12.0511 0x0770 usbser - ok 13:45:12.0537 0x0770 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 13:45:12.0572 0x0770 USBSTOR - ok 13:45:12.0588 0x0770 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 13:45:12.0635 0x0770 usbuhci - ok 13:45:12.0666 0x0770 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo 
C:\WINDOWS\System32\Drivers\usbvideo.sys 13:45:12.0740 0x0770 usbvideo - ok 13:45:12.0776 0x0770 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 13:45:12.0808 0x0770 USBXHCI - ok 13:45:12.0821 0x0770 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe 13:45:12.0835 0x0770 VaultSvc - ok 13:45:12.0927 0x0770 [ 3470D2C83CA7A056B91216EA1D571304, 3189ABF6E8C08B1B0F406DB5E78F9ABD9A0AE3FF52615B681A8DEB1A38E26B83 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys 13:45:12.0982 0x0770 VBoxAswDrv - ok 13:45:13.0004 0x0770 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 13:45:13.0028 0x0770 vdrvroot - ok 13:45:13.0093 0x0770 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe 13:45:13.0143 0x0770 vds - ok 13:45:13.0174 0x0770 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 13:45:13.0221 0x0770 VerifierExt - ok 13:45:13.0261 0x0770 [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 13:45:13.0303 0x0770 vhdmp - ok 13:45:13.0315 0x0770 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys 13:45:13.0350 0x0770 viaide - ok 13:45:13.0369 0x0770 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 13:45:13.0403 0x0770 vmbus - ok 13:45:13.0408 0x0770 [ DA40BEA0A863CE768C940CA9723BF81F, 
567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 13:45:13.0426 0x0770 VMBusHID - ok 13:45:13.0451 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll 13:45:13.0476 0x0770 vmicguestinterface - ok 13:45:13.0490 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll 13:45:13.0513 0x0770 vmicheartbeat - ok 13:45:13.0526 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll 13:45:13.0550 0x0770 vmickvpexchange - ok 13:45:13.0564 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll 13:45:13.0589 0x0770 vmicrdv - ok 13:45:13.0603 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll 13:45:13.0626 0x0770 vmicshutdown - ok 13:45:13.0638 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll 13:45:13.0661 0x0770 vmictimesync - ok 13:45:13.0675 0x0770 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll 13:45:13.0697 0x0770 vmicvss - ok 13:45:13.0704 0x0770 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 13:45:13.0723 0x0770 volmgr - ok 13:45:13.0734 0x0770 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 13:45:13.0765 0x0770 volmgrx - 
ok 13:45:13.0790 0x0770 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 13:45:13.0823 0x0770 volsnap - ok 13:45:13.0831 0x0770 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 13:45:13.0854 0x0770 vpci - ok 13:45:13.0864 0x0770 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 13:45:13.0919 0x0770 vsmraid - ok 13:45:13.0980 0x0770 [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\WINDOWS\system32\vssvc.exe 13:45:14.0034 0x0770 VSS - ok 13:45:14.0047 0x0770 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 13:45:14.0104 0x0770 VSTXRAID - ok 13:45:14.0131 0x0770 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 13:45:14.0188 0x0770 vwifibus - ok 13:45:14.0208 0x0770 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys 13:45:14.0250 0x0770 vwififlt - ok 13:45:14.0267 0x0770 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys 13:45:14.0295 0x0770 vwifimp - ok 13:45:14.0320 0x0770 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll 13:45:14.0346 0x0770 W32Time - ok 13:45:14.0362 0x0770 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen 
C:\WINDOWS\System32\drivers\wacompen.sys 13:45:14.0406 0x0770 WacomPen - ok 13:45:14.0457 0x0770 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe 13:45:14.0538 0x0770 wbengine - ok 13:45:14.0566 0x0770 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 13:45:14.0602 0x0770 WbioSrvc - ok 13:45:14.0628 0x0770 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 13:45:14.0652 0x0770 Wcmsvc - ok 13:45:14.0676 0x0770 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 13:45:14.0701 0x0770 wcncsvc - ok 13:45:14.0718 0x0770 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll 13:45:14.0736 0x0770 WcsPlugInService - ok 13:45:14.0763 0x0770 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 13:45:14.0810 0x0770 WdBoot - ok 13:45:14.0855 0x0770 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 13:45:14.0913 0x0770 Wdf01000 - ok 13:45:14.0938 0x0770 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 13:45:15.0022 0x0770 WdFilter - ok 13:45:15.0052 0x0770 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 13:45:15.0068 0x0770 WdiServiceHost - ok 13:45:15.0074 0x0770 [ F581F9C9D6953FABFA24E67105F0B614, 
5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 13:45:15.0092 0x0770 WdiSystemHost - ok 13:45:15.0113 0x0770 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 13:45:15.0138 0x0770 WdNisDrv - ok 13:45:15.0159 0x0770 [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient C:\WINDOWS\System32\webclnt.dll 13:45:15.0189 0x0770 WebClient - ok 13:45:15.0220 0x0770 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 13:45:15.0248 0x0770 Wecsvc - ok 13:45:15.0269 0x0770 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 13:45:15.0282 0x0770 WEPHOSTSVC - ok 13:45:15.0307 0x0770 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 13:45:15.0332 0x0770 wercplsupport - ok 13:45:15.0345 0x0770 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll 13:45:15.0363 0x0770 WerSvc - ok 13:45:15.0375 0x0770 [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys 13:45:15.0399 0x0770 WFPLWFS - ok 13:45:15.0411 0x0770 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 13:45:15.0425 0x0770 WiaRpc - ok 13:45:15.0439 0x0770 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 13:45:15.0479 0x0770 WIMMount - ok 13:45:15.0533 
0x0770 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 13:45:15.0579 0x0770 WinHttpAutoProxySvc - ok 13:45:15.0630 0x0770 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 13:45:15.0654 0x0770 Winmgmt - ok 13:45:15.0737 0x0770 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 13:45:15.0829 0x0770 WinRM - ok 13:45:15.0864 0x0770 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\WINDOWS\System32\drivers\WinUsb.sys 13:45:15.0893 0x0770 WinUsb - ok 13:45:15.0942 0x0770 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 13:45:16.0009 0x0770 WlanSvc - ok 13:45:16.0045 0x0770 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 13:45:16.0109 0x0770 wlidsvc - ok 13:45:16.0137 0x0770 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys 13:45:16.0183 0x0770 WmiAcpi - ok 13:45:16.0227 0x0770 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 13:45:16.0241 0x0770 wmiApSrv - ok 13:45:16.0258 0x0770 WMPNetworkSvc - ok 13:45:16.0273 0x0770 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys 13:45:16.0356 0x0770 Wof - ok 13:45:16.0409 0x0770 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc 
C:\WINDOWS\system32\workfolderssvc.dll 13:45:16.0486 0x0770 workfolderssvc - ok 13:45:16.0506 0x0770 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys 13:45:16.0536 0x0770 wpcfltr - ok 13:45:16.0557 0x0770 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll 13:45:16.0582 0x0770 WPCSvc - ok 13:45:16.0606 0x0770 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 13:45:16.0638 0x0770 WPDBusEnum - ok 13:45:16.0652 0x0770 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 13:45:16.0694 0x0770 WpdUpFltr - ok 13:45:16.0707 0x0770 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 13:45:16.0753 0x0770 ws2ifsl - ok 13:45:16.0784 0x0770 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll 13:45:16.0812 0x0770 wscsvc - ok 13:45:16.0839 0x0770 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys 13:45:16.0873 0x0770 WSDPrintDevice - ok 13:45:16.0908 0x0770 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan C:\WINDOWS\System32\drivers\WSDScan.sys 13:45:16.0926 0x0770 WSDScan - ok 13:45:16.0930 0x0770 WSearch - ok 13:45:17.0080 0x0770 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll 13:45:17.0185 0x0770 WSService - ok 13:45:17.0230 0x0770 [ 
72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys 13:45:17.0289 0x0770 wsvd - ok 13:45:17.0390 0x0770 [ FA2F8EA0DFACE3B3E935B106EDEF4150, 7BFFFAE521BF579CD33463DEB7E19CE83C69A5AB40BB71AF96C3FE141C7B16FD ] wuauserv C:\WINDOWS\system32\wuaueng.dll 13:45:17.0517 0x0770 wuauserv - ok 13:45:17.0562 0x0770 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 13:45:17.0623 0x0770 WudfPf - ok 13:45:17.0656 0x0770 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 13:45:17.0703 0x0770 WUDFRd - ok 13:45:17.0722 0x0770 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\System32\drivers\WUDFRd.sys 13:45:17.0746 0x0770 WUDFSensorLP - ok 13:45:17.0773 0x0770 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 13:45:17.0797 0x0770 wudfsvc - ok 13:45:17.0816 0x0770 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys 13:45:17.0842 0x0770 WUDFWpdFs - ok 13:45:17.0851 0x0770 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys 13:45:17.0875 0x0770 WUDFWpdMtp - ok 13:45:17.0933 0x0770 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 13:45:17.0984 0x0770 WwanSvc - ok 13:45:17.0995 0x0770 ================ Scan global =============================== 13:45:18.0043 0x0770 [ 05B08C20B8428ECE088CB5635696A48D, 
471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll 13:45:18.0072 0x0770 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll 13:45:18.0102 0x0770 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll 13:45:18.0136 0x0770 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe 13:45:18.0147 0x0770 [ Global ] - ok 13:45:18.0148 0x0770 ================ Scan MBR ================================== 13:45:18.0437 0x0770 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 13:45:18.0676 0x0770 \Device\Harddisk0\DR0 - ok 13:45:18.0687 0x0770 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1 13:45:18.0919 0x0770 \Device\Harddisk1\DR1 - ok 13:45:18.0986 0x0770 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR3 13:45:19.0490 0x0770 \Device\Harddisk2\DR3 - ok 13:45:19.0490 0x0770 ================ Scan VBR ================================== 13:45:19.0508 0x0770 [ 6108982552493CDE6C97CEC2A25774FB ] \Device\Harddisk0\DR0\Partition1 13:45:19.0613 0x0770 \Device\Harddisk0\DR0\Partition1 - ok 13:45:19.0634 0x0770 [ 3A3DF24FFC4DB2D04FD1929645A5F481 ] \Device\Harddisk0\DR0\Partition2 13:45:19.0695 0x0770 \Device\Harddisk0\DR0\Partition2 - ok 13:45:19.0722 0x0770 [ 1D97796679F1443BB8AA86AF3727BDE3 ] \Device\Harddisk0\DR0\Partition3 13:45:19.0784 0x0770 \Device\Harddisk0\DR0\Partition3 - ok 13:45:19.0821 0x0770 [ 739CFAB13C8A1DD71B45B41611ACC85A ] \Device\Harddisk0\DR0\Partition4 13:45:19.0821 0x0770 \Device\Harddisk0\DR0\Partition4 - ok 13:45:19.0827 0x0770 [ 7885FF0B6C561B81EE10DE3E1D8674AE ] \Device\Harddisk0\DR0\Partition5 13:45:19.0942 0x0770 \Device\Harddisk0\DR0\Partition5 - ok 13:45:19.0977 0x0770 [ ED12856BD4F9E990B319C0375E74AAD3 ] \Device\Harddisk0\DR0\Partition6 
13:45:20.0052 0x0770 \Device\Harddisk0\DR0\Partition6 - ok 13:45:20.0055 0x0770 [ 3B35C4B5B30865289344E09E8A25044A ] \Device\Harddisk1\DR1\Partition1 13:45:20.0056 0x0770 \Device\Harddisk1\DR1\Partition1 - ok 13:45:20.0076 0x0770 [ F4B80717E76856556F2FA55A5D80F565 ] \Device\Harddisk2\DR3\Partition1 13:45:20.0078 0x0770 \Device\Harddisk2\DR3\Partition1 - ok 13:45:20.0079 0x0770 ================ Scan generic autorun ====================== 13:45:20.0596 0x0770 [ 324B8DDDF70D28B7A767E0608256DF36, 2FA4AA3F5E6D9C16A50F986027708AF657ADE9AE2A286E4F7686A1DF510FC2C1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 13:45:20.0896 0x0770 RTHDVCPL - ok 13:45:21.0033 0x0770 [ 6A605E37012935C6FA09AFF94319ED86, 038844F6DDC32BD63A12B2D2D30A2719C1BC0CCDC21AAD7BCDE60A39C7349655 ] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe 13:45:21.0058 0x0770 lxecmon.exe - ok 13:45:21.0087 0x0770 [ AE7586349CE69C6A0D5C8B11FAE04A6D, FA3147F90A05C502EE59BE6D5B437713C1DB498D2D55CB33104AC7AB9237680E ] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe 13:45:21.0110 0x0770 EzPrint - ok 13:45:21.0299 0x0770 [ 1EB48ED59A2B4D4225444E60DEF44361, 5A5318723E74DC5D01355045B359BE738F31CBC6CBEA47E89B51910D377A70EE ] C:\Program Files\OO Software\Defrag\oodtray.exe 13:45:21.0463 0x0770 OODefragTray - ok 13:45:21.0557 0x0770 [ 6D44DE61A0BC7EE359D65992665C6432, 5A3C2D57A293B9BDD7CB1A4AA0ACF19374866F8A88EF132E350E5973CB4F7662 ] C:\Program Files\iTunes\iTunesHelper.exe 13:45:21.0585 0x0770 iTunesHelper - ok 13:45:21.0618 0x0770 [ 17716C3DD52BF815291D80FAAF329AC7, 3E42FBED89BF8CE6C0EE8C97C050358ED98577BB1DDFA93CDE25F431FC55138E ] C:\WINDOWS\jmesoft\hotkey.exe 13:45:21.0636 0x0770 jmekey - detected UnsignedFile.Multi.Generic ( 1 ) 13:45:21.0877 0x0770 Detect skipped due to KSN trusted 13:45:21.0877 0x0770 jmekey - ok 13:45:22.0183 0x0770 [ A7464F6ED03611109F435218E424AAB8, 2C582D2E97F5AE97D1FBEC0493DF45A8EAF2D2CA93048556FD11B4AAA09956E6 ] C:\Windows\jmesoft\ServiceLoader.exe 13:45:22.0222 
0x0770 jmesoft - detected UnsignedFile.Multi.Generic ( 1 ) 13:45:22.0457 0x0770 Detect skipped due to KSN trusted 13:45:22.0457 0x0770 jmesoft - ok 13:45:22.0629 0x0770 [ 50299DBA20F8A1735830914777B55932, 7A8864A9FA81BF6C53797B7B8FCC2199B812A7E913D35387A0C5C63C170BAC02 ] C:\Program Files\Lenovo\LVT\LJYZ.exe 13:45:22.0659 0x0770 LVT - ok 13:45:22.0752 0x0770 [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe 13:45:22.0886 0x0770 RemoteControl10 - ok 13:45:23.0114 0x0770 [ 0B427D9943C838620AFA30CBB24A6D77, 5A98B1405126F79846C810E739E964B11A4397F3DE597991308DB3C6AABB8F81 ] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe 13:45:23.0137 0x0770 CLMLServer - ok 13:45:23.0199 0x0770 [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe 13:45:23.0215 0x0770 UpdateP2GoShortCut - ok 13:45:23.0597 0x0770 [ 123CE08362EE48BBA7F9F1D7EB50F24F, B78A49B186475805D7022E22AE163C535F3594F62CEA2759547EC514FA6CBFCC ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 13:45:23.0753 0x0770 AvastUI.exe - ok 13:45:23.0949 0x0770 [ D240FD88F5AACF2E6E7B7ECC67341D0C, D6B9AD47B30A65892C2C87BC54E3EBA6609BE1C087B70983EE83F9EBE92EE64E ] C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe 13:45:24.0102 0x0770 Hawking UDS Control Center - detected UnsignedFile.Multi.Generic ( 1 ) 13:45:24.0753 0x0770 Hawking UDS Control Center ( UnsignedFile.Multi.Generic ) - warning 13:45:24.0912 0x0770 [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files (x86)\PDF24\pdf24.exe 13:45:24.0936 0x0770 PDFPrint - ok 13:45:25.0048 0x0770 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe 13:45:25.0069 
0x0770 HP Software Update - ok 13:45:25.0088 0x0770 rlTool - ok 13:45:25.0225 0x0770 [ F72E762D38A862539AFBCC3B3CCD26BD, 260A8694CAAA8FB3BC33F4CFF2AC0FA5B13A18E1742E210864DAAC6ED863B875 ] E:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe 13:45:25.0305 0x0770 DymoQuickPrint - ok 13:45:25.0389 0x0770 [ 7692F4B242E45870873CAF4CB85CF769, 9D28627FD73F62134792528A9D2F2FCCBB0FDD7E45D8D7D816B9FC3C07AE4CA2 ] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe 13:45:25.0408 0x0770 AlcoholAutomount - ok 13:45:25.0522 0x0770 [ 501E808B5832505C51F539874E586353, 2F0C36BBB52052DD86E31BD7E0D3B7DD3BB7CF84E212900518E9CBE0C935DC43 ] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe 13:45:25.0625 0x0770 HP Officejet Pro 8610 (NET) - ok 13:45:25.0789 0x0770 [ F341DD6145F779CE5B732BC6BC6A3370, 67CE7E6DD5969C8DE34473E01D60D52FABC740B056287C2E261A36F97993ED0D ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 13:45:25.0812 0x0770 iCloudServices - ok 13:45:25.0813 0x0770 Waiting for KSN requests completion. In queue: 15 13:45:26.0814 0x0770 Waiting for KSN requests completion. In queue: 15 13:45:27.0814 0x0770 Waiting for KSN requests completion. In queue: 15 13:45:28.0851 0x0770 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated ) 13:45:28.0868 0x0770 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.4.2233.1299 ), 0x41000 ( enabled : updated ) 13:45:28.0894 0x0770 Win FW state via NFP2: enabled ( trusted ) 13:45:29.0995 0x0770 |
19.10.2015, 12:54 | #5 |
| rundll32.exe causes massive traffic
Sorry for the messy layout, but because of 265 characters I had to split the TDSSKiller report. Here is the rest:
Code:
============================================================
13:45:29.0995 0x0770 Scan finished
13:45:29.0995 0x0770 ============================================================
13:45:30.0008 0x1d24 Detected object count: 1
13:45:30.0008 0x1d24 Actual detected object count: 1
13:46:13.0229 0x1d24 Hawking UDS Control Center ( UnsignedFile.Multi.Generic ) - skipped by user
13:46:13.0229 0x1d24 Hawking UDS Control Center ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
19.10.2015, 14:12 | #6 |
/// TB-Ausbilder | rundll32.exe causes massive traffic
Hi, I have found a trojan that is probably responsible for your problems. Into battle...
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
FF NewTab: about:blank
FF SearchPlugin: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\searchplugins\piesearch.xml [2015-10-14]
FF HKLM-x32\...\Firefox\Extensions: [smartffsearch@gmail.com] - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\smartffsearch@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [ffsmartsearchbar@gmail.com] - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\ffsmartsearchbar@gmail.com => nicht gefunden
Task: {C809464A-EF4A-4694-BAB7-0A2C45928E12} - System32\Tasks\PUNWNRG => Rundll32.exe "C:\WINDOWS\SysWOW64\tzutilp.dll",USHURS
Task: C:\WINDOWS\Tasks\PUNWNRG.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\tzutilp.dll
C:\WINDOWS\SysWOW64\tzutilp.dll
RemoveProxy:
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Step 3
With your next reply, please post
|
19.10.2015, 14:32 | #7 |
| rundll32.exe causes massive traffic
OK, attached are the requested logs once again.
Fixlog
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-10-2015
durchgeführt von Josef (2015-10-19 15:17:32) Run:1
Gestartet von C:\Users\Josef\Desktop
Geladene Profile: Josef (Verfügbare Profile: Josef)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
FF NewTab: about:blank
FF SearchPlugin: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\searchplugins\piesearch.xml [2015-10-14]
FF HKLM-x32\...\Firefox\Extensions: [smartffsearch@gmail.com] - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\smartffsearch@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [ffsmartsearchbar@gmail.com] - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\extensions\ffsmartsearchbar@gmail.com => nicht gefunden
Task: {C809464A-EF4A-4694-BAB7-0A2C45928E12} - System32\Tasks\PUNWNRG => Rundll32.exe "C:\WINDOWS\SysWOW64\tzutilp.dll",USHURS
Task: C:\WINDOWS\Tasks\PUNWNRG.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\tzutilp.dll
C:\WINDOWS\SysWOW64\tzutilp.dll
RemoveProxy:
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
Firefox "newtab" erfolgreich entfernt
C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\searchplugins\piesearch.xml => erfolgreich verschoben
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartffsearch@gmail.com => Wert erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ffsmartsearchbar@gmail.com => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C809464A-EF4A-4694-BAB7-0A2C45928E12}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C809464A-EF4A-4694-BAB7-0A2C45928E12}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\PUNWNRG => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PUNWNRG" => Schlüssel erfolgreich entfernt
C:\WINDOWS\Tasks\PUNWNRG.job => erfolgreich verschoben
C:\WINDOWS\SysWOW64\tzutilp.dll => erfolgreich verschoben

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========

EmptyTemp: => 289.6 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 15:18:02 ====
Code:
Farbar Recovery Scan Tool (x64) Version:18-10-2015
durchgeführt von Josef (2015-10-19 15:23:51)
Gestartet von C:\Users\Josef\Desktop
Start-Modus: Normal

================== Search Files: "tzutilp.dll" =============

====== Ende von Suche ======
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015 durchgeführt von Josef (Administrator) auf LENOVOPC (19-10-2015 15:26:52) Gestartet von C:\Users\Josef\Desktop Geladene Profile: Josef (Verfügbare Profile: Josef) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe () C:\Windows\jmesoft\Service.exe ( ) C:\Windows\System32\lxeccoms.exe (MustangService) C:\ProgramData\TempMoudleSet\MustangSer1437.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\NLSSRV32.EXE (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Kaiser edv-Konzept) C:\Program Files\raum level 7\rlTool.exe (Sanford, L.P.) E:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe () C:\Windows\jmesoft\JME_LOAD.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Microsoft Corporation) C:\Windows\System32\perfmon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] () HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4468984 2015-09-14] (O&O Software GmbH) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.) HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-18] (AVAST Software) HKLM-x32\...\Run: [Hawking UDS Control Center] => C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe [5542400 2012-09-25] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) 
HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [rlTool] => C:\Programme\raum level 7\rlTool HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [DymoQuickPrint] => E:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885944 2010-01-27] (Sanford, L.P.) HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP) HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-18] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2015-09-27] ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{0733BC2F-BB0F-47DC-A86F-957B15EE11DD}\app_icon.ico () Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-28] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0C58D763-41C6-4041-B6D3-EBEE7B6362CD}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E369D0A3-0931-4B51-B740-A0895A43BAA8}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-2344473906-2606427249-3890557636-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-18] (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-18] (AVAST Software) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731 FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll [Keine Datei] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla 
Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2344473906-2606427249-3890557636-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Josef\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-16] (RocketLife, LLP) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) 
FF Extension: MCGutschein.com - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\9yxcwa8k.default-1426894332731\Extensions\mail@mcgutschein.com.xpi [2015-05-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-14] [ist nicht signiert] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-19] CHR Extension: (Google Docs) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-19] CHR Extension: (Google Drive) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-19] CHR Extension: (YouTube) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-19] CHR Extension: (Google-Suche) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-19] CHR Extension: (Google Tabellen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29] CHR Extension: (Google Docs Offline) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-14] CHR Extension: (Avast Online Security) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-20] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19] CHR Extension: (Google Wallet) - C:\Users\Josef\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-19] CHR Extension: (Google Mail) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-19] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-18] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-18] (Avast Software) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) 
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [Datei ist nicht signiert] S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () S2 lxecCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.) R2 lxec_device; C:\WINDOWS\system32\lxeccoms.exe [1052328 2010-04-14] ( ) R2 lxec_device; C:\WINDOWS\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( ) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer1437.exe [236816 2015-10-09] (MustangService) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1711352 2015-09-14] (O&O Software GmbH) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] () R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-09-24] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-18] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-18] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-18] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-18] (AVAST Software) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices) R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-06-21] (AVM Berlin) U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2015-02-28] (Alcohol Soft Development Team) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 LongshineUDSMBus; C:\Windows\SysWow64\Drivers\LongshineUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider) R3 LongshineUDSTcpBus; C:\Windows\SysWow64\Drivers\LongshineUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; 
C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-18] (AVAST Software) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-02-28] (Duplex Secure Ltd.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-18] (Avast Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-19 15:23 - 2015-10-19 15:26 - 00000255 _____ C:\Users\Josef\Desktop\Search.txt
2015-10-19 13:43 - 2015-10-19 13:43 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Josef\Desktop\tdsskiller.exe
2015-10-19 13:40 - 2015-10-19 13:41 - 00040014 _____ C:\Users\Josef\Desktop\Addition.txt
2015-10-19 13:39 - 2015-10-19 15:27 - 00022739 _____ C:\Users\Josef\Desktop\FRST.txt
2015-10-19 13:39 - 2015-10-19 15:26 - 00000000 ____D C:\FRST
2015-10-19 13:39 - 2015-10-19 13:39 - 02196992 _____ (Farbar) C:\Users\Josef\Desktop\FRST64.exe
2015-10-19 12:08 - 2015-10-19 12:09 - 04097654 _____ C:\Users\Josef\Desktop\rundll.bmp
2015-10-18 21:46 - 2015-10-18 21:46 - 01691648 _____ C:\Users\Josef\Downloads\adwcleaner_5.014.exe
2015-10-18 21:32 - 2015-10-18 21:32 - 842798427 _____ C:\WINDOWS\MEMORY.DMP
2015-10-18 21:32 - 2015-10-18 21:32 - 00280024 _____ C:\WINDOWS\Minidump\101815-20328-01.dmp
2015-10-18 19:13 - 2015-10-18 19:13 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-18 19:13 - 2015-10-18 19:13 - 00132656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-10-18 19:13 - 2015-10-18 19:13 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-18 19:01 - 2015-10-19 13:39 - 00000000 ____D C:\AdwCleaner
2015-10-18 18:56 - 2015-10-19 15:19 - 00001491 _____ C:\WINDOWS\setupact.log
2015-10-18 18:56 - 2015-10-18 18:56 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-18 16:41 - 2015-10-18 19:14 - 00003278 _____ C:\WINDOWS\PFRO.log
2015-10-18 16:30 - 2015-10-18 16:30 - 00001401 _____ C:\Users\Josef\Desktop\CCleaner64 - Verknüpfung.lnk
2015-10-18 16:29 - 2015-10-18 16:34 - 00000000 ____D C:\Program Files\CCleaner
2015-10-18 16:29 - 2015-10-18 16:29 - 00002790 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-10-18 16:29 - 2015-10-18 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-18 16:13 - 2015-10-18 16:13 - 00015714 _____ C:\Users\Josef\Desktop\Report.txt
2015-10-17 15:53 - 2015-09-23 12:42 - 44302336 _____ C:\Users\Josef\Desktop\RT-AC87U_3.0.0.4_378_9177-ge585a63.trx
2015-10-17 14:22 - 2015-10-17 14:22 - 00000913 _____ C:\Users\Josef\Documents\Bilder - Verknüpfung.lnk
2015-10-16 16:32 - 2015-10-16 16:32 - 06220854 _____ C:\Users\Josef\Desktop\Einstellung Rufnummernnutzung.bmp
2015-10-16 16:31 - 2015-10-16 16:31 - 06220854 _____ C:\Users\Josef\Desktop\Internet Telefonie.bmp
2015-10-16 16:29 - 2015-10-16 16:32 - 06220854 _____ C:\Users\Josef\Desktop\Rufnummernzuordnung.bmp
2015-10-16 16:28 - 2015-10-16 16:28 - 06220854 _____ C:\Users\Josef\Desktop\Zugangsdaten.bmp
2015-10-15 07:18 - 2015-09-19 05:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-15 07:18 - 2015-09-18 15:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-15 07:18 - 2015-09-18 15:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-15 07:18 - 2015-09-18 15:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-15 07:18 - 2015-09-18 15:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-15 07:18 - 2015-09-18 15:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-15 07:18 - 2015-09-18 15:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 16:37 - 2015-10-14 16:37 - 00000000 ____D C:\ProgramData\TempMoudleSet
2015-10-14 07:13 - 2015-09-29 14:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 07:13 - 2015-09-29 14:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 07:13 - 2015-09-29 14:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 07:13 - 2015-09-29 14:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 07:13 - 2015-09-29 14:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 07:13 - 2015-09-24 18:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 07:13 - 2015-09-24 18:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 07:13 - 2015-09-10 20:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 07:13 - 2015-09-10 19:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 07:13 - 2015-08-27 04:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 07:13 - 2015-08-27 04:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 07:13 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 07:13 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 07:13 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 07:13 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 07:13 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 07:13 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 07:13 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 07:13 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 07:13 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 07:13 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 07:12 - 2015-09-29 14:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 07:12 - 2015-09-28 20:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 07:12 - 2015-09-28 20:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 07:12 - 2015-09-28 20:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 07:12 - 2015-09-28 20:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 07:12 - 2015-09-28 20:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 07:12 - 2015-09-28 20:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 07:12 - 2015-09-28 20:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 07:12 - 2015-09-28 20:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 07:12 - 2015-09-28 20:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 07:12 - 2015-09-28 20:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 07:12 - 2015-09-28 20:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 07:12 - 2015-09-10 19:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 07:12 - 2015-09-10 19:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 07:12 - 2015-09-10 19:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 07:12 - 2015-09-10 19:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 07:12 - 2015-09-10 19:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 07:12 - 2015-09-10 19:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 07:12 - 2015-09-10 18:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 07:12 - 2015-09-10 18:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 07:12 - 2015-09-10 18:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 07:12 - 2015-09-10 18:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 07:12 - 2015-09-10 18:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 07:12 - 2015-09-10 18:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 07:12 - 2015-09-10 18:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 07:12 - 2015-09-10 18:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 07:12 - 2015-09-10 18:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 07:12 - 2015-09-10 18:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 07:12 - 2015-09-10 18:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 07:12 - 2015-09-10 18:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 07:12 - 2015-09-10 18:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 07:12 - 2015-09-10 18:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 07:12 - 2015-09-10 18:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 07:12 - 2015-09-10 18:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 07:12 - 2015-09-10 18:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 07:12 - 2015-09-10 18:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 07:12 - 2015-09-10 18:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 07:12 - 2015-09-10 18:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 07:12 - 2015-09-10 18:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 07:12 - 2015-09-10 17:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 07:12 - 2015-09-10 17:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 07:12 - 2015-09-10 17:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 07:12 - 2015-09-10 17:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 07:12 - 2015-09-10 17:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 07:12 - 2015-09-10 17:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 07:12 - 2015-09-10 17:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 07:12 - 2015-09-10 17:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 07:12 - 2015-09-10 17:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 07:12 - 2015-09-10 17:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:12 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:12 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-09 14:45 - 2015-10-09 14:45 - 00000000 ____D C:\ProgramData\ATI
2015-10-09 14:43 - 2015-10-19 15:18 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-10-09 14:39 - 2015-10-09 14:39 - 00058877 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510091439006155.log
2015-10-09 14:38 - 2015-10-09 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-10-09 14:36 - 2015-10-09 14:38 - 00000000 ____D C:\Program Files\AMD
2015-10-09 14:36 - 2015-10-09 14:36 - 00000000 ____D C:\Program Files (x86)\AMD
2015-10-09 14:34 - 2015-10-09 14:34 - 00000382 _____ C:\SetupCD.txt
2015-09-30 11:01 - 2015-09-30 11:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\Program Files\iTunes
2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\Program Files\iPod
2015-09-30 10:58 - 2015-09-30 10:58 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\Program Files\Bonjour
2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-30 10:57 - 2015-09-30 10:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-30 10:53 - 2015-09-30 10:53 - 00000000 ____D C:\ProgramData\Softorino
2015-09-30 10:50 - 2015-09-30 10:50 - 00000000 ____D C:\Program Files (x86)\ThinkSky
2015-09-27 12:42 - 2015-09-27 12:42 - 00000000 ____D C:\Users\Josef\AppData\Local\O&O
2015-09-27 12:41 - 2015-10-18 16:13 - 00002507 _____ C:\Users\Public\Desktop\O&O Defrag.lnk
2015-09-27 12:41 - 2015-09-28 21:58 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-09-27 12:41 - 2015-09-27 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2015-09-27 12:41 - 2015-09-27 12:41 - 00000000 ____D C:\Program Files\OO Software
2015-09-27 12:40 - 2015-09-27 12:40 - 00000000 ____D C:\ProgramData\OO Software

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-19 15:26 - 2014-05-03 17:58 - 01754315 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-19 15:21 - 2015-03-19 08:27 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-19 15:21 - 2014-07-04 15:26 - 01057230 _____ C:\ProgramData\lxecscan.log
2015-10-19 15:21 - 2014-07-04 15:20 - 01265664 ___SH C:\Users\Josef\Desktop\Thumbs.db
2015-10-19 15:20 - 2014-06-14 21:11 - 00000000 __RDO C:\Users\Josef\SkyDrive
2015-10-19 15:19 - 2015-03-17 19:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-19 15:19 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-19 15:18 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-19 15:17 - 2014-06-28 12:59 - 00000000 ____D C:\Users\Josef\AppData\LocalLow\Temp
2015-10-19 15:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-10-19 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-19 14:57 - 2015-03-19 08:27 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-19 14:43 - 2015-07-20 17:27 - 00000420 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-10-19 14:41 - 2015-05-09 13:23 - 00000000 ____D C:\Users\Josef\Documents\Outlook-Dateien
2015-10-19 14:40 - 2015-05-09 13:39 - 00000000 ____D C:\Users\Josef\AppData\Local\AC8A50B3-8E60-4D77-B3C3-906049DCE764.aplzod
2015-10-19 14:33 - 2014-06-14 21:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-19 14:25 - 2014-06-15 13:24 - 00000000 ____D C:\Program Files\raum level 7
2015-10-19 14:12 - 2014-06-15 13:14 - 00007604 _____ C:\Users\Josef\AppData\Local\Resmon.ResmonCfg
2015-10-19 13:33 - 2015-03-21 00:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 13:25 - 2014-06-14 21:39 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F55D3A2-2388-4DD7-9565-979A5493EF05}
2015-10-19 07:02 - 2015-03-19 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-10-19 07:02 - 2015-03-19 08:24 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-10-18 23:36 - 2014-06-14 20:41 - 00000000 ____D C:\Users\Josef
2015-10-18 23:23 - 2014-06-14 20:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2344473906-2606427249-3890557636-1002
2015-10-18 21:32 - 2015-01-10 21:51 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-18 19:13 - 2014-06-14 21:47 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-18 19:13 - 2014-06-14 21:47 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-18 19:02 - 2014-05-03 18:20 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-10-18 18:58 - 2014-06-15 08:26 - 00002189 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2015-10-18 16:36 - 2013-08-31 18:36 - 00000000 ____D C:\WINDOWS\Panther
2015-10-18 16:13 - 2015-07-20 17:27 - 00002154 _____ C:\Users\Josef\Desktop\HP Photo Creations.lnk
2015-10-18 16:13 - 2015-06-27 11:26 - 00000651 _____ C:\Users\Josef\Desktop\P-Touch.lnk
2015-10-18 16:13 - 2015-05-25 20:23 - 00002122 _____ C:\Users\Josef\Desktop\Sigma Data Center 4.0.lnk
2015-10-18 16:13 - 2015-05-25 20:19 - 00001020 _____ C:\Users\Public\Desktop\Sigma Data Center 2.1.lnk
2015-10-18 16:13 - 2015-05-09 13:30 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-18 16:13 - 2015-05-09 12:23 - 00002862 _____ C:\Users\Josef\Desktop\Outlook 2013.lnk
2015-10-18 16:13 - 2015-05-01 00:33 - 00001103 _____ C:\Users\Public\Desktop\GPS Master 2.0.14.lnk
2015-10-18 16:13 - 2015-04-18 08:55 - 00001448 _____ C:\Users\Josef\Desktop\CopyTrans Control Center.lnk
2015-10-18 16:13 - 2015-04-11 11:25 - 00002183 _____ C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2015-10-18 16:13 - 2015-04-11 11:25 - 00001177 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8610.lnk
2015-10-18 16:13 - 2015-04-11 11:25 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-10-18 16:13 - 2015-03-21 00:18 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-18 16:13 - 2015-03-19 08:28 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-18 16:13 - 2015-03-15 19:23 - 00001923 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-10-18 16:13 - 2015-02-28 11:16 - 00003035 _____ C:\Users\Josef\Desktop\Excel 2013.lnk
2015-10-18 16:13 - 2015-02-28 11:16 - 00003013 _____ C:\Users\Josef\Desktop\Word 2013.lnk
2015-10-18 16:13 - 2015-02-28 11:16 - 00002935 _____ C:\Users\Josef\Desktop\PowerPoint 2013.lnk
2015-10-18 16:13 - 2015-02-28 11:08 - 00001198 _____ C:\Users\Public\Desktop\Alcohol 52%.lnk
2015-10-18 16:13 - 2015-02-01 15:57 - 00000623 _____ C:\Users\Josef\Desktop\PTLITE10 - Verknüpfung.lnk
2015-10-18 16:13 - 2015-01-24 12:06 - 00001177 _____ C:\Users\Public\Desktop\DYMO Label v.8.lnk
2015-10-18 16:13 - 2014-12-18 18:48 - 00001100 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-10-18 16:13 - 2014-12-18 18:48 - 00001080 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-10-18 16:13 - 2014-12-18 18:43 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-18 16:13 - 2014-12-18 18:43 - 00002044 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-10-18 16:13 - 2014-12-18 18:35 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-10-18 16:13 - 2014-12-10 19:09 - 00002012 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-10-18 16:13 - 2014-12-07 13:42 - 00001407 _____ C:\Users\Josef\Desktop\rlTool.lnk
2015-10-18 16:13 - 2014-10-16 18:29 - 00001145 _____ C:\Users\Josef\Desktop\Bewerbung Sabine - Verknüpfung.lnk
2015-10-18 16:13 - 2014-08-30 13:57 - 00001381 _____ C:\Users\Josef\Desktop\svnet - Verknüpfung.lnk
2015-10-18 16:13 - 2014-07-31 22:49 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2015-10-18 16:13 - 2014-06-15 13:24 - 00001595 _____ C:\Users\Josef\Desktop\raum level10.lnk
2015-10-18 16:13 - 2014-06-15 13:24 - 00000801 _____ C:\Users\Public\Desktop\Fernwartung NetViewer.lnk
2015-10-18 16:13 - 2014-06-15 13:24 - 00000776 _____ C:\Users\Public\Desktop\Fernwartung TeamViewer.lnk
2015-10-18 16:13 - 2014-06-15 13:24 - 00000756 _____ C:\Users\Public\Desktop\Zuschnittoptimierung.lnk
2015-10-18 16:13 - 2014-06-15 13:24 - 00000734 _____ C:\Users\Public\Desktop\rlDatev.lnk
2015-10-18 16:13 - 2014-06-14 21:42 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-18 16:13 - 2014-06-14 21:42 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-18 16:13 - 2014-06-14 21:13 - 00002519 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-10-18 16:13 - 2014-06-14 21:13 - 00002246 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-18 16:13 - 2014-06-14 20:41 - 00001465 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-18 16:13 - 2014-05-03 18:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2015-10-18 16:13 - 2014-01-04 03:31 - 00002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-10-18 16:13 - 2013-12-29 12:05 - 00002237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-17 23:55 - 2014-06-14 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 23:55 - 2014-06-14 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-17 23:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Web
2015-10-17 19:47 - 2014-06-30 19:57 - 00098816 ___SH C:\Users\Josef\Downloads\Thumbs.db
2015-10-17 19:29 - 2015-03-21 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-10-17 19:29 - 2015-03-21 00:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-10-17 13:33 - 2014-06-14 21:53 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-17 12:38 - 2014-06-21 13:55 - 00003759 _____ C:\Users\Josef\Desktop\Sepa.xml
2015-10-17 10:53 - 2015-03-21 01:32 - 00000000 ____D C:\Users\Josef\Desktop\Alte Firefox-Daten
2015-10-16 17:42 - 2014-05-04 03:48 - 00778714 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-16 17:42 - 2014-05-04 03:48 - 00163510 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-16 17:42 - 2013-08-31 17:40 - 01804290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-16 16:30 - 2015-01-05 09:57 - 00000000 __SHD C:\Users\Josef\AppData\LocalLow\EmieBrowserModeList
2015-10-16 16:30 - 2014-06-28 12:54 - 00000000 __SHD C:\Users\Josef\AppData\LocalLow\EmieUserList
2015-10-16 16:25 - 2015-01-05 09:57 - 00000000 __SHD C:\Users\Josef\AppData\Local\EmieBrowserModeList
2015-10-16 16:25 - 2014-06-21 19:08 - 00000000 __SHD C:\Users\Josef\AppData\Local\EmieUserList
2015-10-16 16:25 - 2014-06-21 19:08 - 00000000 __SHD C:\Users\Josef\AppData\Local\EmieSiteList
2015-10-16 16:23 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-16 16:14 - 2014-06-28 12:54 - 00000000 __SHD C:\Users\Josef\AppData\LocalLow\EmieSiteList
2015-10-16 08:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-15 13:04 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-15 07:45 - 2015-02-28 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-15 07:45 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-15 07:44 - 2015-02-28 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 07:42 - 2013-08-22 15:25 - 00000301 _____ C:\WINDOWS\win.ini
2015-10-15 07:38 - 2014-12-10 15:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 07:38 - 2014-07-11 08:09 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-14 16:59 - 2015-06-03 10:45 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2015-10-13 20:17 - 2014-06-14 20:41 - 00000000 ____D C:\Users\Josef\AppData\Local\Packages
2015-10-13 12:36 - 2014-12-26 08:33 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-12 17:02 - 2015-04-07 13:17 - 00000000 ____D C:\Users\Josef\Desktop\Bewerbung Severin
2015-10-09 14:38 - 2014-05-03 17:59 - 00000000 ____D C:\ProgramData\AMD
2015-10-09 14:36 - 2014-05-03 17:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-09 14:34 - 2014-05-03 17:58 - 00000000 ___HD C:\AMD
2015-10-08 18:06 - 2015-04-06 20:56 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-08 18:06 - 2015-04-06 20:56 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-08 07:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-05 09:50 - 2015-03-21 00:18 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-03-21 00:18 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-03-21 00:18 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-02 16:24 - 2015-03-11 16:32 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 16:24 - 2015-03-11 16:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-30 11:02 - 2015-05-09 13:32 - 00000000 ____D C:\Users\Josef\AppData\Roaming\Apple Computer
2015-09-30 10:59 - 2015-08-16 09:32 - 00000000 ____D C:\Users\Josef\AppData\Local\Apple Computer
2015-09-30 10:58 - 2015-05-09 13:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-30 10:57 - 2015-01-24 12:06 - 00000000 ____D C:\ProgramData\Apple
2015-09-22 15:15 - 2014-09-26 13:45 - 00000000 ____D C:\Users\Josef\AppData\Roaming\PlayFirst

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-01-24 12:04 - 2015-01-24 12:06 - 0044120 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2015-05-09 13:17 - 2015-05-09 14:56 - 0028048 _____ () C:\Users\Josef\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2014-12-21 13:47 - 2014-12-21 13:47 - 0004075 _____ () C:\Users\Josef\AppData\Local\recently-used.xbel
2014-06-15 13:14 - 2015-10-19 14:12 - 0007604 _____ () C:\Users\Josef\AppData\Local\Resmon.ResmonCfg
2015-04-11 11:25 - 2015-04-11 11:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-03-23 12:56 - 2015-03-23 12:56 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-05-03 17:59 - 2014-05-03 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-04 15:31 - 2014-07-04 15:31 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-07-04 15:32 - 2015-03-19 15:40 - 0356708 _____ () C:\ProgramData\lxecJSW.log
2014-07-04 15:26 - 2015-10-19 15:21 - 1057230 _____ () C:\ProgramData\lxecscan.log
2015-03-23 12:56 - 2015-03-23 12:56 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-12-11 16:59 - 2014-12-11 16:59 - 0859891 _____ () C:\ProgramData\SPLCACC.tmp
2014-07-04 15:30 - 2014-07-04 15:30 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-12 07:15

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-10-2015
durchgeführt von Josef (2015-10-19 15:27:40)
Gestartet von C:\Users\Josef\Desktop
Windows 8.1 (X64) (2014-06-14 18:41:20)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2344473906-2606427249-3890557636-500 - Administrator - Disabled)
Gast (S-1-5-21-2344473906-2606427249-3890557636-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2344473906-2606427249-3890557636-1004 - Limited - Enabled)
Josef (S-1-5-21-2344473906-2606427249-3890557636-1002 - Administrator - Enabled) => C:\Users\Josef

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\CopyTrans Suite) (Version: 3.01 - WindSolutions)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPS Master 2.0.14 (HKLM-x32\...\GPS Master_is1) (Version: 1.0 - GPS Master)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\HP Photo Creations) (Version: 1.0.0.18922 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
LCS USB Device Server (HKLM-x32\...\{FC9F1D8E-D3C0-47D4-A2E0-9634E3D48BDA}) (Version: 2.41 - Ihr Firmenname)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
O&O Defrag Professional (HKLM\...\{0733BC2F-BB0F-47DC-A86F-957B15EE11DD}) (Version: 19.0.87 - O&O Software GmbH)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
raum level10 (HKLM-x32\...\raum level10) (Version: raum level9.1 - Kaiser edv-Konzept)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.11.0 - Lenovo Group Limited)
Sigma Data Center 2.1 (HKLM-x32\...\SigmaDataCenter21.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.1.0 - Sigma Elektro GmbH)
Sigma Data Center 2.1 (x32 Version: 2.1.0 - Sigma Elektro GmbH) Hidden
Sigma Data Center 4.0 (HKLM-x32\...\Sigma Data Center4.0) (Version: 4.0 - Sigma Elektro GmbH)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{9ED2609F-7D30-4F44-B706-5EDAA730FE3E}) (Version: 10 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 15.1 - ITSG GmbH)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports (01/04/2013 5.1.2600.5512) (HKLM\...\08AE394D2BC5301A3A34A857B6DA63FB7C7B050A) (Version: 01/04/2013 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows-Treiberpaket - Sunplus (SPCP825K) Ports (07/01/2010 1.0.9.0) (HKLM\...\20986CDBFBCA238AA12329A115B1CC9D88E9C06C) (Version: 07/01/2010 1.0.9.0 - Sunplus)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version: - Zylom Games)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {153E23A6-D147-4C5E-A0D9-5347E64F28FD} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Josef\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-07-25] ()
Task: {1BF1A238-FB61-4BB5-B309-5D3936A88870} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {416843E6-F848-422D-B8E1-02F71893136C} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {509850F1-C6B5-4A89-A1A2-B7640F5EB5AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-18] (AVAST Software)
Task: {57CDE412-2211-41BF-98B8-A7A3E7501299} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C8FD064-429B-469D-A92B-F46481443B5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {6598DC21-5AA5-45F1-8DED-2705A4A33A7C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {66B7119F-923E-4606-91B4-E5A7F4E138A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6C98F6D7-CC14-44EA-8FFC-92F841433837} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {73052BCE-260E-477E-955A-A1E968C4BC8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {7350272A-8B71-4D47-8E52-FB90E2EAE17B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {81157E6A-3277-4FBB-AE87-BBD9D2C0ECA7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\CompatTelRunner.exe [2015-09-19] (Microsoft Corporation)
Task: {9050BF4D-E8A1-4B94-A9FE-3CAD6DBD1718} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {942035DE-33D8-420A-82C3-1E2AC69F6DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A117A975-A939-4DF8-A3B5-EC7F54F6E36F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B113C27C-9CAB-4BB0-90B0-CE568F7FB81E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C6A80DFC-A4F7-4D68-9BE1-058E977C797D} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {E8F75B39-77D4-4D55-915E-8648C140A374} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {EC8690D4-3856-41CE-9388-E5E784BF6372} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {EFB8AD79-6D4F-4D38-AC66-76172A97868D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F0EAB462-0ACE-4818-A259-19E4199D2489} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Josef\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-04 15:27 - 2009-11-04 13:18 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-03 18:00 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-05-03 18:24 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-07-04 15:30 - 2013-01-23 13:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2014-07-04 15:30 - 2013-01-23 13:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2014-05-03 18:00 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2012-09-25 10:03 - 2012-09-25 10:03 - 05542400 _____ () C:\Program Files (x86)\Longshine\LCS USB Device Server\Control Center.exe
2015-08-04 00:25 - 2015-08-04 00:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-10-18 19:13 - 2015-10-18 19:13 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-18 19:13 - 2015-10-18 19:13 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-19 13:16 - 2015-10-19 13:16 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101900\algo.dll
2015-08-04 08:02 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2014-07-04 15:30 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2014-07-04 15:30 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2014-07-04 15:30 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2014-07-04 15:30 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2014-07-04 15:30 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2014-07-04 15:30 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2014-07-04 15:30 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2014-07-04 15:30 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2014-07-04 15:30 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2014-07-04 15:30 - 2009-06-23 06:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2014-07-04 15:30 - 2009-06-23 06:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2014-07-04 15:30 - 2009-06-23 06:11 - 00102400 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2014-07-04 15:30 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2014-07-04 15:30 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-05-03 18:00 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-10-18 19:13 - 2015-10-18 19:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Josef\SkyDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Josef\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2344473906-2606427249-3890557636-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{14FE2D70-D55E-4BB6-ABC1-7808B8CB6C22}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{03DA3C43-8124-4BCD-8137-F9DAA5A3FA84}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BBFEC3BD-45CA-4566-BF8C-B8E3FEDF08DE}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7268A5A1-2124-4B40-A018-E84DDC6608C7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F2E7BFB3-28C6-4905-95E4-E6117C5704A7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{80DB8452-3709-4F3A-90E6-9B7662384B89}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{6D7E8ED9-7B12-450D-B47D-174674E514D5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{8160F066-E1FF-4A2B-9E21-02FD9CDFEC6F}] => (Allow) C:\Users\Josef\AppData\Local\Apps\2.0\H2JP4T58.8NZ\KG6PJACM.6YH\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [{3AB47C36-75AF-4519-8D6E-D894D578F38E}] => (Allow) C:\Users\Josef\AppData\Local\Apps\2.0\H2JP4T58.8NZ\KG6PJACM.6YH\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F69EDECC-1FC9-46AB-A20B-766C6CE0DBF9}] => (Allow) C:\WINDOWS\system32\lxeccoms.exe
FirewallRules: [{C68D86CF-0F21-4870-848B-72233EC9DD89}] => (Allow) C:\WINDOWS\system32\LXECcoms.exe
FirewallRules: [{4B5EE771-0AA3-4894-AD39-222885F1C82A}] => (Allow) C:\WINDOWS\system32\LXECcoms.exe
FirewallRules: [TCP Query User{89FA5209-6E69-47CE-9B2D-94B7DCF0B0CA}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [UDP Query User{2D46FAF1-A66F-428F-B6FE-73D5AC6F940C}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [TCP Query User{8BAF266E-3872-4F47-BCBA-EBE12DD33D1C}C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{3FE0C159-0D44-4D77-8531-67C8F1529C35}C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\josef\appdata\local\apps\2.0\h2jp4t58.8nz\kg6pjacm.6yh\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
FirewallRules: [TCP Query User{7F374F63-AEB2-4C67-A510-02A8CD1F62AC}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [UDP Query User{A526AC58-B9E8-46B2-B9B0-5210A35A5153}C:\program files (x86)\longshine\lcs usb device server\control center.exe] => (Allow) C:\program files (x86)\longshine\lcs usb device server\control center.exe
FirewallRules: [{8598F5C9-BA35-4290-8DD9-E44EBF23E419}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5D652749-9E40-4A06-89EE-0805EBEAEB5C}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{28704746-0906-46B6-A310-CF4417FB9E23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68FCD1DC-8B06-42FD-BF1C-03583575CA25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7D29D210-D905-491E-BCC7-0D1AFB6F3C90}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{81A1CE36-075B-45B8-89E2-734790340B48}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E379C5B0-4193-47C6-BBFF-AAC7AE82CECB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{0D88B932-9E42-4658-8111-203ADD9FD834}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{C59E9EAF-521D-4C98-B732-6930C48F110B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{A089564E-3392-47BD-A427-42BBC5B3533A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{EAE1E539-E5E5-4812-A3D3-65D2D3445061}] => (Allow) LPort=5357
FirewallRules: [{4D5443C7-5677-412E-910A-9101A9F34D20}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A3A4EAD4-F6B3-42C8-8272-DA564BA28B5B}] => (Allow) C:\Program Files (x86)\GPS Master 2.0.14\GPS Master.exe
FirewallRules: [{98ABDE46-BAA0-44C1-86F6-9296B770434B}] => (Allow) C:\Program Files (x86)\GPS Master 2.0.14\GPS Master.exe
FirewallRules: [{B1AE9B5D-057A-4230-85AF-4E2181D8CB55}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{F3D00612-A962-4E65-B6C8-8A2DEB671E45}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7AA39C28-B17F-48E3-93ED-037C730AB691}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{7CAC8C95-EA8D-4002-AE50-B325398A0175}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{4A3AA770-8DC8-4C46-AE68-2CC21F3E7268}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C85B6AA7-F6EA-4A8B-9F0C-B4650A153788}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{70310C3C-993F-487C-B7E3-316504F36DAF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{596E9EBB-0A5D-416F-8D3D-B6144B656AA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7BB832B1-953A-41D3-AB91-D351F26958BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3812B759-CECB-49ED-9B4C-414BB355B8F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD741C1A-E041-487F-9BE5-6EA7F79B9B57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB10A816-F484-4928-A82A-607DEB539A0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B97E5878-3E9D-459E-BC50-5F9705299CFD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F730DD7F-441A-4F02-A106-1C42F6792994}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0FCFC1E8-0BBD-419E-87D2-DD1A13820FF2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{BB00BF90-1B6F-4ADE-8CD4-B0BD57B5A91F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5EE03D54-EF00-4B3B-9370-3F0F7D0C3244}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E6F46888-84D8-44C3-9CF1-A75248BE9AB6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4A0FEE90-6B51-48E4-91DD-69405805D430}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9A909522-A7F4-4F67-8278-CAF9B7C96366}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/19/2015 03:22:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 41.0.2.5765, Zeitstempel: 0x561ef9f1
Name des fehlerhaften Moduls: mozglue.dll, Version: 41.0.2.5765, Zeitstempel: 0x561ee53f
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ec91
ID des fehlerhaften Prozesses: 0x14ac
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/19/2015 07:06:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „soluteGmbH.billiger.deforLenovo_r04g846gqtkq0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance(CLSID_VSSCoordinator)" ist ein unerwarteter Fehler aufgetreten. hr = 0x800401f0, CoInitialize wurde nicht aufgerufen. .

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x800401f0, CoInitialize wurde nicht aufgerufen. ]

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance(CLSID_VSSCoordinator)" ist ein unerwarteter Fehler aufgetreten. hr = 0x800401f0, CoInitialize wurde nicht aufgerufen. .

Error: (10/19/2015 07:02:34 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x800401f0, CoInitialize wurde nicht aufgerufen. ]

Error: (10/18/2015 08:25:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 08:25:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 08:25:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „soluteGmbH.billiger.deforLenovo_r04g846gqtkq0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/18/2015 08:01:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOPC)
Description: Bei der Aktivierung der App „soluteGmbH.billiger.deforLenovo_r04g846gqtkq0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Systemfehler:
=============
Error: (10/19/2015 03:19:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/19/2015 03:19:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (10/19/2015 03:18:23 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.

Error: (10/19/2015 03:18:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (10/19/2015 03:17:33 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/19/2015 03:17:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/19/2015 03:17:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/19/2015 03:17:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/19/2015 03:17:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "lxec_device" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/19/2015 03:17:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NitroPDFDriverCreatorReadSpool9" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-06-25 10:16:11.587 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-03-19 07:39:21.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: AMD A10-6700 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 7358.7 MB
Verfügbarer physikalischer RAM: 4890.65 MB
Summe virtueller Speicher: 14782.7 MB
Verfügbarer virtueller Speicher: 12250.05 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:835.48 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: () (Fixed) (Total:186.3 GB) (Free:17.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E4621F56)
Partition: GPT.
========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 3F8BD79B)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 1521 KB) (Disk ID: 00000000)
Partition: GPT.

==================== Ende von Addition.txt ============================

Matthias, thank you very much for your quick and competent help. Can you perhaps also tell me what the trojan spied on? I found several attacks in my router/modem log:

19.10.2015 13:13:54 DoS(Denial of Service) Angriff SYN Flood to Host wurde entdeckt. (FW101)
19.10.2015 13:08:50 DoS(Denial of Service) Angriff SYN Flood to Host wurde entdeckt. (FW101)
19.10.2015 12:44:12 DoS(Denial of Service) Angriff SYN Flood to Host wurde entdeckt. (FW101)
19.10.2015 12:19:11 DoS(Denial of Service) Angriff TCP-SYN with data wurde entdeckt. (FW101)

Could these have had something to do with the trojan? |
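The Addition.txt posted above contains four Allow rules for C:\Windows\SysWOW64\rundll32.exe, the same binary that was generating the traffic. The following Python script is an added example, not part of the original thread and not FRST's own code: it parses `FirewallRules:` entries, including ones whose line breaks were lost in pasting, and counts Allow rules that point at generic host binaries. The `GENERIC_HOSTS` list and the function names are assumptions chosen for illustration; the sample is built from rule lines in the log above.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: host binaries that run other people's code and rarely need
# their own firewall exception. This list is illustrative, not FRST's.
GENERIC_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                 "wscript.exe", "cscript.exe"}

# One rule: "FirewallRules: [{GUID}] => (Action) path". The path ends at the
# next rule, at a "====" section header, or at end of line, so the pattern
# also works on a log whose line breaks were lost when it was pasted.
RULE_RE = re.compile(
    r"FirewallRules: \[\{([0-9A-Fa-f-]{36})\}\] => \((\w+)\) "
    r"(.+?)(?=\s+FirewallRules: |\s+={4,}|\s*$)",
    re.MULTILINE,
)

def parse_rules(text):
    """Return (guid, action, path) for every FirewallRules entry in text."""
    return [m.groups() for m in RULE_RE.finditer(text)]

def flag_host_rules(rules):
    """Count Allow rules per path whose file name is a generic host binary."""
    hits = Counter()
    for _guid, action, path in rules:
        name = PureWindowsPath(path).name.lower()
        if action == "Allow" and name in GENERIC_HOSTS:
            hits[path] += 1
    return hits

# Sample built from rule lines in the log above (partly left flattened).
SAMPLE = r"""
FirewallRules: [{F730DD7F-441A-4F02-A106-1C42F6792994}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0FCFC1E8-0BBD-419E-87D2-DD1A13820FF2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{BB00BF90-1B6F-4ADE-8CD4-B0BD57B5A91F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5EE03D54-EF00-4B3B-9370-3F0F7D0C3244}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E6F46888-84D8-44C3-9CF1-A75248BE9AB6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{4A0FEE90-6B51-48E4-91DD-69405805D430}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Fehlerhafte Geräte im Gerätemanager =============
"""

if __name__ == "__main__":
    for path, count in flag_host_rules(parse_rules(SAMPLE)).items():
        print(f"{count} Allow rule(s) for generic host: {path}")
```

A hit is a prompt to check which DLL the host process was started with, not proof of infection on its own.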
19.10.2015, 14:43 | #8 |
/// TB-Ausbilder | rundll32.exe causes massive traffic Please upload the FRST quarantine for me, then I may be able to tell you more:
Yes, quite possible. As a check, please also run HitmanPro: Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
|
19.10.2015, 18:08 | #9 |
| rundll32.exe causes massive traffic Below is the log from HitmanPro Code:
HitmanPro 3.7.10.250
www.hitmanpro.com

Computer name . . . . : LENOVOPC
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : LENOVOPC\Josef
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2015-10-19 19:03:02
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 20s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 1

Objects scanned . . . : 2.085.144
Files scanned . . . . : 52.418
Remnants scanned . . : 625.359 files / 1.407.367 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : FFFFE0012DDE22E0
DriverName . . . . : \Driver\amd_sata
DriverPath . . . . : \SystemRoot\System32\drivers\amd_sata.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFE0012EE132C0 +0

Solution
DriverObject . . . : FFFFE0012DDE22E0
DriverName . . . . : \Driver\amd_sata
DriverPath . . . . : \SystemRoot\System32\drivers\amd_sata.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF800054023C0 \SystemRoot\System32\drivers\storport.sys+9152

Suspicious files ____________________________________________________________

C:\Users\Josef\Desktop\FRST64.exe
Size . . . . . . . : 2.196.992 bytes
Age . . . . . . . : 0.2 days (2015-10-19 13:39:08)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 5A08C26FE732502F3812AE5F297D676EED72307534EEB08544C5A5D825616080
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

"Datei nicht gefunden oder keine Leseberechtigung" [File not found or no read permission] when I try to compress it into a .zip archive. |
20.10.2015, 15:09 | #10 |
/// TB-Ausbilder | rundll32.exe causes massive traffic Quote:
Unpack the .zip file and start the file GrantPerms64.exe. Enter the following into the small text field: Code:
C:\FRST\Quarantine
Close GrantPerms. Now try again, following the instructions, to create a .zip file and upload it to me. |
20.10.2015, 20:02 | #11 |
| rundll32.exe causes massive traffic Good evening M-K-D-B, I would like to thank you once again for your quick and competent help. With GrantPerms it has now worked. I have uploaded the file. |
21.10.2015, 13:18 | #12 |
/// TB-Ausbilder | rundll32.exe causes massive traffic The malware is a trojan that is able to download further malware. In principle it is also possible that data was sent from your computer to the attacker. I therefore recommend that you change all passwords.

If you no longer have any problems with malware, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Afterwards, restart your computer. If any programs from our cleanup are still left over, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be present only in its most current version:
Browser
Java
Flash-Player
PDF-Reader
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when a manipulated website is simply visited. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: Can block banners, pop-ups, video advertising, tracking and malware sites.
NoScript: Prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. You can, however, specify on the whitelist principle on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, uninstalling it first and then removing the leftovers with Adwcleaner is recommended.

Finally, a few general remarks:
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
21.10.2015, 20:42 | #13 |
| rundll32.exe causes massive traffic Thanks again. Now everything is running perfectly again ;-). You can delete the topic :-) |
22.10.2015, 12:23 | #14 |
/// TB-Ausbilder | rundll32.exe causes massive traffic I am glad that we could help. In this forum you can leave brief feedback on the cleanup, if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much! This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |