| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop mit Windows 10 hängtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.11.2015, 20:52
| #1 |
 |  Laptop mit Windows 10 hängt Hallo zusammen, mein Acer Laptop mit 64 bit Betriebssystem hat Windows 10 Home drauf und läuft mit Panda Free Anti Virus. Beim Versuch mein neues Tablet zu rooten habe ich mir leider wohl eine ganze Menge Mist auf den Rechner gezogen: Jetzt läuft er recht langsam, die Maus läuft manchmal wie in Zeitlupe und auch Chrome ist recht lahm. Habe schonmal MBAM und FRST laufen lassen. Viel anzufangen weiß ich mit den Logfiles allerdings nicht. Deswegen schonmal danke vorab an denjenigen, der sich meinem Problem annimmt! Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 30.11.2015 Suchlaufzeit: 20:09 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.11.30.04 Rootkit-Datenbank: v2015.11.26.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Sebastian Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 377074 Abgelaufene Zeit: 34 Min., 5 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 PUP.Optional.WinYahoo, C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi, , [d953434109822610e30a00b0f40f7f81], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Sebastian (Administrator) auf CHEMICALWORLD (30-11-2015 20:28:14)
Gestartet von C:\Users\Sebastian\Downloads
Geladene Profile: Sebastian & (Verfügbare Profile: Sebastian)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
() C:\Flashtool\FlashTool64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{821D7D0C-7B9E-914C-9BAD-BE2CAD7C255F}\YSearchSetTool.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-07-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-24] (BillP Studios)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [Google Update] => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-24] (BillP Studios)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-08-17]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1724859f-46f9-4f12-a3e2-cf0bb1297a22}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.skygo.sky.de/sport/live-planer/alle/liveplanner/sportsection/123.html
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.skygo.sky.de/sport/live-planer/alle/liveplanner/sportsection/123.html
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> DefaultScope {A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} URL =
SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> {A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} URL =
SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> {B06F9FF8-F6EF-42B8-B6CC-85BB1240B0B1} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} URL =
SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} URL =
SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B06F9FF8-F6EF-42B8-B6CC-85BB1240B0B1} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904
FF Homepage: hxxps://de.yahoo.com/?type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\searchplugins\yahoo-ysp.xml [2015-11-29]
FF Extension: New Tab by Yahoo - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [ist nicht signiert]
Chrome:
=======
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Cast) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-21]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Cloud Internet Explorer by IE-On-Chrome) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\enbepfpjlejecgbmaijolhgjmpkiimcd [2015-11-10]
CHR Extension: (Google Play Musik) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Store) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]
CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sebastian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-25]
CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sebastian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-25]
CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-12] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-29] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-15] (Sony Mobile Communications)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-29] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 20:28 - 2015-11-30 20:30 - 00033081 _____ C:\Users\Sebastian\Downloads\FRST.txt
2015-11-30 20:28 - 2015-11-30 20:28 - 00000000 ____D C:\FRST
2015-11-30 20:14 - 2015-11-30 20:24 - 02350080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2015-11-30 20:08 - 2015-11-30 20:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 20:08 - 2015-11-30 20:08 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-11-30 20:08 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 20:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-30 20:07 - 2015-11-30 20:08 - 00001175 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-30 20:07 - 2015-11-30 20:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-11-30 20:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-30 19:53 - 2015-11-30 19:53 - 00016148 _____ C:\WINDOWS\system32\CHEMICALWORLD_Sebastian_HistoryPrediction.bin
2015-11-29 14:54 - 2015-11-29 14:54 - 00000000 ____D C:\Users\Sebastian\AppData\Local\YSearchUtil
2015-11-29 14:54 - 2015-11-29 14:54 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-11-29 14:15 - 2015-11-29 14:15 - 02880770 _____ C:\Users\Sebastian\Downloads\EasyRootTool v12.4 (1).zip
2015-11-29 14:06 - 2015-11-29 14:06 - 00000000 ___HD C:\OneDriveTemp
2015-11-29 13:18 - 2015-11-29 13:19 - 1107094019 _____ C:\Users\Sebastian\Downloads\SGP521_17.1.A.2.69_1281-5556.ftf
2015-11-25 22:41 - 2015-11-25 22:41 - 15106048 _____ C:\Users\Sebastian\Downloads\Z2Tab_DooMLoRD_AdvStkKernel_LTE-v03_17.1.1.A.0.402.img
2015-11-25 22:28 - 2015-11-25 22:28 - 14783449 _____ C:\Users\Sebastian\Downloads\z2_tab_files (1).zip
2015-11-25 21:15 - 2015-11-25 21:09 - 19128121 _____ C:\Users\Sebastian\Desktop\SGP521_23.4.A.1.232_XZDRKernel2.8.21-RELEASE.flashable.zip
2015-11-25 21:08 - 2015-11-25 21:09 - 19128121 _____ C:\Users\Sebastian\Downloads\SGP521_23.4.A.1.232_XZDRKernel2.8.21-RELEASE.flashable.zip
2015-11-25 21:07 - 2015-11-25 21:41 - 1555099209 _____ C:\Users\Sebastian\Downloads\SGP521_23.4.A.1.232_RedOracle - Central Europe 3 1282-0228.ftf
2015-11-25 20:46 - 2015-11-25 20:46 - 04015219 _____ C:\Users\Sebastian\Downloads\BETA-SuperSU-v2.52.zip
2015-11-25 20:38 - 2015-11-25 20:38 - 18964480 _____ C:\Users\Sebastian\Downloads\boot.img
2015-11-22 01:35 - 2015-11-19 15:22 - 00008402 _____ C:\Users\Sebastian\Desktop\install.sh
2015-11-22 01:35 - 2015-11-19 15:22 - 00008178 _____ C:\Users\Sebastian\Desktop\install.bat
2015-11-22 01:35 - 2015-11-19 15:22 - 00000757 _____ C:\Users\Sebastian\Desktop\READ_ME_FIRST.txt
2015-11-22 01:35 - 2015-11-19 15:22 - 00000310 _____ C:\Users\Sebastian\Desktop\backupstockbinaries.sh
2015-11-22 01:35 - 2015-11-19 15:22 - 00000000 ____D C:\Users\Sebastian\Desktop\tmp
2015-11-22 01:35 - 2015-11-19 15:22 - 00000000 ____D C:\Users\Sebastian\Desktop\system
2015-11-21 23:26 - 2014-06-03 12:50 - 00012639 _____ C:\Users\Sebastian\Desktop\sa0111adb86.cat
2015-11-21 23:26 - 2014-06-03 12:50 - 00012495 _____ C:\Users\Sebastian\Desktop\sa0111adba64.cat
2015-11-21 23:26 - 2014-06-02 10:50 - 00009995 _____ C:\Users\Sebastian\Desktop\sarndis86.cat
2015-11-21 23:25 - 2015-11-21 23:26 - 04837226 _____ C:\Users\Sebastian\Downloads\Xperia_Z2_Tablet_driver_R2.zip
2015-11-21 23:01 - 2015-11-23 20:19 - 00000000 ____D C:\Flashtool
2015-11-21 22:38 - 2015-11-29 14:21 - 00000000 ____D C:\Users\Sebastian\.flashTool
2015-11-21 21:38 - 2015-11-21 22:29 - 138459335 _____ (Androxyde) C:\Users\Sebastian\Downloads\flashtool-0.9.19.8-windows.exe
2015-11-21 15:30 - 2015-11-21 15:33 - 1596969401 _____ C:\Users\Sebastian\Downloads\SGP521_23.4.A.1.200_R3C_Germany Generic_1282-2019.ftf
2015-11-21 14:44 - 2015-11-21 14:46 - 1602563441 _____ C:\Users\Sebastian\Downloads\SGP521_23.4.A.1.232_Customized_DE.ftf
2015-11-21 14:27 - 2015-11-21 14:28 - 09989712 _____ (MEGA Limited) C:\Users\Sebastian\Downloads\MEGAsyncSetup (1).exe
2015-11-20 23:15 - 2015-11-20 23:15 - 00000000 ____D C:\Users\Sebastian\.swt
2015-11-20 17:06 - 2015-11-20 17:08 - 118773384 _____ (Androxyde) C:\Users\Sebastian\Downloads\flashtool-0.9.14.0-windows.exe
2015-11-20 16:04 - 2010-12-19 14:52 - 00000000 ____D C:\adb-tools
2015-11-20 16:02 - 2015-11-20 16:03 - 35844368 _____ C:\Users\Sebastian\Downloads\adb-tools.zip
2015-11-20 14:49 - 2015-11-20 14:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-11-20 14:18 - 2015-11-20 14:18 - 00001296 _____ C:\Users\Sebastian\Downloads\downloadinf_v1.01 (5).zip
2015-11-20 14:16 - 2015-11-20 14:16 - 00001296 _____ C:\Users\Sebastian\Downloads\downloadinf_v1.01 (4).zip
2015-11-20 14:07 - 2015-11-25 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2015-11-20 14:07 - 2015-11-20 14:07 - 00001296 _____ C:\Users\Sebastian\Downloads\downloadinf_v1.01 (3).zip
2015-11-20 14:06 - 2015-11-20 16:08 - 00000000 ____D C:\Program Files (x86)\Android
2015-11-20 14:01 - 2015-11-20 14:01 - 00001296 _____ C:\Users\Sebastian\Downloads\downloadinf_v1.01 (2).zip
2015-11-20 13:58 - 2014-09-17 12:48 - 00000000 ____D C:\Users\Sebastian\Desktop\usb_driver
2015-11-20 13:57 - 2015-11-20 13:57 - 08682859 _____ C:\Users\Sebastian\Downloads\latest_usb_driver_windows.zip
2015-11-20 13:44 - 2015-11-20 13:46 - 199569958 _____ C:\Users\Sebastian\Downloads\__rzi_0.278
2015-11-20 13:08 - 2015-11-20 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2015-11-20 13:08 - 2015-11-20 13:22 - 00000000 ____D C:\Program Files (x86)\Minimal ADB and Fastboot
2015-11-20 13:07 - 2015-11-20 13:07 - 00767523 _____ (Sam Rodberg ) C:\Users\Sebastian\Downloads\minimal_adb_fastboot_v1.3.1_setup.exe
2015-11-20 12:47 - 2015-11-20 12:47 - 00001296 _____ C:\Users\Sebastian\Downloads\downloadinf_v1.01 (1).zip
2015-11-20 05:29 - 2015-11-20 05:29 - 00728857 _____ C:\Users\Sebastian\Downloads\de.robv.android.xposed.installer_v32_de4f0d.apk
2015-11-20 05:13 - 2015-11-20 05:13 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Android
2015-11-20 05:06 - 2015-11-20 05:11 - 151659917 _____ (Google Inc.) C:\Users\Sebastian\Downloads\installer_r24.4.1-windows.exe
2015-11-20 04:54 - 2015-11-20 04:56 - 199569958 _____ C:\Users\Sebastian\Downloads\__rzi_0.808
2015-11-20 04:18 - 2015-11-20 04:20 - 199569958 _____ C:\Users\Sebastian\Downloads\__rzi_0.326
2015-11-20 04:10 - 2015-11-20 04:10 - 00001296 _____ C:\Users\Sebastian\Downloads\downloadinf_v1.01.zip
2015-11-20 03:14 - 2014-04-14 21:07 - 00000000 ____D C:\Users\Sebastian\Desktop\z2_tab_files
2015-11-20 03:13 - 2015-11-20 03:14 - 14783449 _____ C:\Users\Sebastian\Downloads\z2_tab_files.zip
2015-11-20 02:31 - 2015-11-20 02:18 - 1371483204 _____ C:\Users\Sebastian\Desktop\flashable-prerooted-signed.zip
2015-11-20 02:21 - 2015-11-20 02:21 - 00000000 ____D C:\Users\Sebastian\Desktop\utils
2015-11-20 02:21 - 2008-02-29 03:33 - 03499155 _____ C:\Users\Sebastian\Desktop\xposed-v73-sdk22-arm.zip
2015-11-20 02:20 - 2015-11-19 15:22 - 00000000 ____D C:\Users\Sebastian\Desktop\META-INF
2015-11-20 02:20 - 2008-02-29 03:33 - 2671771648 _____ C:\Users\Sebastian\Desktop\system.ext4
2015-11-20 02:20 - 2008-02-29 03:33 - 09215260 _____ C:\Users\Sebastian\Desktop\dualrecovery.zip
2015-11-20 02:20 - 2008-02-29 03:33 - 04019040 _____ C:\Users\Sebastian\Desktop\SuperSU.zip
2015-11-20 02:06 - 2015-11-20 02:18 - 1371483204 _____ C:\Users\Sebastian\Downloads\flashable-prerooted-signed.zip
2015-11-20 00:11 - 2015-11-29 15:17 - 00002103 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-11-20 00:09 - 2015-11-20 00:09 - 02880770 _____ C:\Users\Sebastian\Downloads\EasyRootTool v12.4.zip
2015-11-19 23:53 - 2015-11-19 23:36 - 24006878 ____N C:\Users\Sebastian\Desktop\TabZ2-lockeddualrecovery2.8.23-RELEASE.combined.zip
2015-11-19 23:52 - 2015-11-19 23:48 - 01260473 ____N C:\Users\Sebastian\Desktop\UPDATE-SuperSU-v2.02.zip
2015-11-19 23:41 - 2015-11-20 13:03 - 00000000 ____D C:\Users\Sebastian\.android
2015-11-19 22:32 - 2015-11-19 22:32 - 00001184 _____ C:\Users\Sebastian\Desktop\MEGAsync.lnk
2015-11-19 22:32 - 2015-11-19 22:32 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-11-19 22:32 - 2015-11-19 22:32 - 00000000 ____D C:\Users\Sebastian\AppData\Local\MEGAsync
2015-11-19 22:32 - 2015-11-19 22:32 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Mega Limited
2015-11-19 22:31 - 2015-11-19 22:31 - 09989712 _____ (MEGA Limited) C:\Users\Sebastian\Desktop\MEGAsyncSetup.exe
2015-11-19 22:30 - 2015-11-19 22:31 - 09989712 _____ (MEGA Limited) C:\Users\Sebastian\Downloads\MEGAsyncSetup.exe
2015-11-19 22:15 - 2015-11-19 22:16 - 00000000 ____D C:\Users\Sebastian\Desktop\root
2015-11-19 22:13 - 2015-11-19 22:14 - 00113099 _____ C:\Users\Sebastian\Downloads\tr.apk
2015-11-19 12:10 - 2015-11-19 12:13 - 00000000 ____D C:\WINDOWS\Panther
2015-11-19 12:10 - 2015-11-19 12:10 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files\iTunes
2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files\iPod
2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-13 15:16 - 2015-11-13 15:16 - 00561697 _____ C:\Users\Sebastian\Downloads\Mitgliedsantrag interaktiv.pdf
2015-11-13 15:16 - 2015-11-13 15:16 - 00037488 _____ C:\Users\Sebastian\Downloads\Mitgliedsantrag_Merkblatt_11-2014.pdf
2015-11-13 15:16 - 2015-11-13 15:16 - 00032378 _____ C:\Users\Sebastian\Downloads\Beitragseinzugsermächtigung.pdf
2015-11-11 11:19 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 11:19 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 11:19 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 11:19 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 11:19 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 11:19 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 11:19 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 11:19 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 11:19 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 11:19 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 11:19 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 11:19 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 11:19 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 11:19 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 11:19 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 11:19 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 11:19 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 11:19 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 11:19 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 11:19 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 11:19 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 11:19 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 11:19 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 11:19 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 11:19 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 11:19 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 11:19 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 11:19 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 11:19 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 11:19 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 11:19 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 11:19 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 11:19 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 11:19 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 11:19 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 11:19 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 11:19 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 11:19 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 11:19 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 11:19 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 11:19 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 11:19 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 11:19 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 11:19 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 11:19 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 11:19 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 11:19 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 11:19 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 11:19 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 11:19 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 11:19 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 11:19 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-11 11:18 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 14:41 - 2015-11-10 14:41 - 00005378 _____ C:\Users\Sebastian\Downloads\Antrag-Presseausweis-15.1048204.pdf
2015-11-10 14:33 - 2015-11-10 14:33 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016 (2).xls
2015-11-10 14:31 - 2015-11-10 14:31 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016.xls
2015-11-10 14:31 - 2015-11-10 14:31 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016 (1).xls
2015-11-09 19:26 - 2015-11-09 19:26 - 10096216 _____ (Google Inc.) C:\Users\Sebastian\Downloads\WidevineMediaOptimizerChrome (1).exe
2015-11-09 18:48 - 2015-11-09 18:48 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IDM
2015-11-09 18:48 - 2015-11-09 18:48 - 00000000 ____D C:\ProgramData\IDM
2015-11-09 18:47 - 2015-11-09 18:47 - 10096216 _____ (Google Inc.) C:\Users\Sebastian\Downloads\WidevineMediaOptimizerChrome.exe
2015-11-03 21:29 - 2015-11-03 21:29 - 00000000 ___DL C:\Users\Sebastian\AppData\LocalLow\PlayReady
2015-11-03 20:36 - 2015-11-03 20:36 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CEF
2015-11-03 19:40 - 2015-11-27 19:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 15:03 - 2015-10-31 15:03 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Macromedia
2015-10-31 14:59 - 2015-11-30 20:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-31 14:59 - 2015-11-11 11:22 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-31 14:53 - 2015-10-31 14:53 - 00098719 _____ C:\Users\Sebastian\Downloads\silverlight (1).diagcab
2015-10-31 14:36 - 2015-10-31 14:36 - 13155552 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\Silverlight_x64 (1).exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 20:28 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-30 20:08 - 2014-01-22 20:54 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes
2015-11-30 20:01 - 2015-07-31 00:24 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Deployment
2015-11-30 19:59 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-30 19:59 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-30 19:56 - 2013-11-23 18:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52BAE3CE-E0CD-4712-AE6A-27340BC859C5}
2015-11-30 01:41 - 2015-08-04 20:27 - 00001164 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA.job
2015-11-30 01:39 - 2013-11-19 11:23 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 23:39 - 2013-11-19 11:23 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 15:40 - 2014-09-15 13:15 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2015-11-29 15:17 - 2014-09-21 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-11-29 15:17 - 2013-07-03 13:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-29 14:51 - 2015-09-03 15:26 - 00000000 ____D C:\Users\Sebastian\.oracle_jre_usage
2015-11-29 14:51 - 2014-11-20 21:45 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-29 14:06 - 2014-03-28 18:04 - 00000000 __RDO C:\Users\Sebastian\SkyDrive
2015-11-29 14:05 - 2014-06-27 19:24 - 00000000 __SHD C:\Users\Sebastian\IntelGraphicsProfiles
2015-11-29 14:04 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-29 14:04 - 2015-07-10 10:05 - 01835008 ___SH C:\WINDOWS\system32\config\BBI
2015-11-23 20:23 - 2015-06-11 17:40 - 00000000 ____D C:\Users\Sebastian\Documents\Elisa
2015-11-22 13:37 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-21 23:33 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-21 22:38 - 2015-07-29 22:08 - 00000000 ____D C:\Users\Sebastian
2015-11-20 13:21 - 2015-07-29 22:34 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-20 13:21 - 2015-07-10 17:34 - 00772342 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-20 13:21 - 2015-07-10 17:34 - 00154170 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-19 22:54 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-19 15:22 - 2014-11-09 16:35 - 00000000 ____D C:\Users\Sebastian\Desktop\files
2015-11-16 12:04 - 2014-06-27 16:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-13 16:41 - 2013-11-25 22:03 - 00000000 ____D C:\Users\Sebastian\Documents\Job
2015-11-11 12:04 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 12:04 - 2013-11-19 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\LocalLow\EmieUserList
2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\LocalLow\EmieSiteList
2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\Local\EmieUserList
2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\Local\EmieSiteList
2015-11-03 20:35 - 2014-06-03 11:30 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Adobe
2015-11-03 19:41 - 2015-07-31 00:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-03 19:40 - 2014-05-24 01:28 - 00000000 ____D C:\ProgramData\Adobe
2015-11-03 19:40 - 2014-05-24 01:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-03 19:20 - 2015-10-04 18:01 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-10-04 18:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 11:13 - 2015-07-29 23:01 - 00002413 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-01 00:41 - 2014-05-24 03:06 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ElevatedDiagnostics
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-02-02 23:12 - 2015-02-02 23:12 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
2015-07-25 16:45 - 2015-07-25 16:45 - 0000132 _____ () C:\Users\Sebastian\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-07-11 13:12 - 2014-07-11 13:12 - 0007609 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2015-07-29 22:04 - 2015-07-29 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Sebastian\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Sebastian\AppData\Local\Temp\proxy_vole4945012496934543345.dll
C:\Users\Sebastian\AppData\Local\Temp\ytb.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-28 20:57
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-11-2015
durchgeführt von Sebastian (2015-11-30 20:30:58)
Gestartet von C:\Users\Sebastian\Downloads
Windows 10 Home (X64) (2015-07-29 21:52:30)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1137542381-2127988082-735095979-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1137542381-2127988082-735095979-503 - Limited - Disabled)
Gast (S-1-5-21-1137542381-2127988082-735095979-501 - Limited - Disabled)
Sebastian (S-1-5-21-1137542381-2127988082-735095979-1001 - Administrator - Enabled) => C:\Users\Sebastian
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.2002 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2001 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2004.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2002 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 486539548.4759644.48.2147344384 - Audible, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre (HKLM-x32\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.19.8 - Androxyde)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.107.06300 (HKLM-x32\...\{12CEF785-A93B-15F6-1604-79E51E920A06}) (Version: 2.12.107.06300 - Sony)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.0.2014.0 - BillP Studios)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
==================== Wiederherstellungspunkte =========================
09-11-2015 23:23:20 Geplanter Prüfpunkt
16-11-2015 13:54:40 Windows Update
19-11-2015 23:12:41 Wiederherstellungsvorgang
25-11-2015 19:55:02 Removed Microsoft Silverlight
25-11-2015 19:57:13 Removed Bonjour
28-11-2015 22:17:50 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2015-05-30 22:12 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {050239EC-8061-4E36-99DB-05AC33ED6B74} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {12961FFE-54D0-41E5-BC08-48897D3A836F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {16D1098A-A8E1-4D46-82CC-E730C469FA18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {3CBA2C9B-C5BC-4F5B-BA98-CCA145CA91E8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6246029B-44B2-4BF1-9B36-9E4CC6B00739} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {6726422F-B0C6-4477-8DFF-58823636C76D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-12-06] (Acer Incorporated)
Task: {675C8EFE-4164-414E-870C-6DBA51E5045E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6E2A6D95-6070-4912-BE17-5EF3B32D9648} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {703D4BF8-023E-405A-96EB-1C7C784E071C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {719F5CCF-26AA-458F-B5D3-2CC48E95B950} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {72D20222-5DA7-4D33-8EFE-49D9A0F07E0E} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {84305704-F602-49C3-A7E2-493475BC5D1D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-08-11] (Microsoft Corporation)
Task: {88FC726F-3744-468A-8B40-BF858D4A06E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {99BA225D-5B57-4301-A543-170D52CB0F01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A40C7446-846C-4275-A192-8857F1D9FE32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B15B1300-AFC3-47FD-9C55-818E96A1D639} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B6625876-4036-43C2-806A-00C043B3A260} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {B7ACEEB9-B854-4B7A-B2B2-18870C40C8D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {C02348C5-9990-45CB-B7E0-BD37582CB368} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {C18259EF-56A6-4257-9A5C-4DB31FB8BDC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C55D4163-FC3E-4E14-9DCB-A3917A807EC3} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C9A4AB39-5C6D-4F75-9380-297BF02BEA16} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {D8A6A533-E1E9-4CF4-BA49-9C93820EBF5A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DA52E2F0-8665-452A-A9AE-B3840B11DA98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DBD484D3-3F4B-480F-90D9-AD4C63CF9B8C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {DD15A4B5-F0EB-414A-B778-BD8454D37CE1} - System32\Tasks\{30535103-F6E1-4BFD-ACE7-6E9B0CE64FB2} => pcalua.exe -a C:\Users\Sebastian\Downloads\ID_CS2_GR_NonRet.exe -d C:\Users\Sebastian\Downloads
Task: {DF47DEFA-AEDB-4AF1-A6B1-480BCCAB4938} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-29 22:52 - 2015-07-29 22:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 13:12 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 15:59 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 15:59 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 15:13 - 2014-05-01 15:13 - 00470016 _____ () C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll
2013-09-09 13:01 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-10-01 15:59 - 2015-09-17 06:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-01 15:58 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 15:58 - 2015-09-17 06:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-01 15:58 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 15:58 - 2015-09-17 06:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-01 15:58 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 15:58 - 2015-09-17 07:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 15:59 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 15:58 - 2015-09-17 06:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-01 15:59 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-29 22:52 - 2015-07-29 22:52 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-07-29 22:52 - 2015-07-29 22:52 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-29 22:52 - 2015-07-29 22:52 - 00074240 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.networking\bin\NodeRT_Windows_Networking.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00124416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2015-09-29 17:10 - 2015-09-29 17:10 - 00314368 _____ () C:\Flashtool\FlashTool64.exe
2015-11-21 08:20 - 2015-11-21 08:20 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-11-21 08:20 - 2015-11-21 08:20 - 11526656 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 11:43 - 2015-11-20 11:43 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-09-21 13:01 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-11-26 20:11 - 2015-11-26 20:11 - 03494400 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-02-09 21:29 - 2013-12-24 23:14 - 00642016 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-09-09 13:01 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-05-01 15:15 - 2014-05-01 15:15 - 00463360 _____ () C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll
2015-11-12 14:22 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 14:22 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2013-09-09 12:22 - 2013-02-18 06:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-21 13:01 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-09-21 13:01 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00093568 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2015-09-07 16:01 - 2015-09-07 16:01 - 00056704 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2014-09-21 13:01 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-09-07 15:59 - 2015-09-07 15:59 - 00237440 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00143232 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00167296 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2015-09-07 16:02 - 2015-09-07 16:02 - 00212352 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2014-09-21 13:01 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2015-11-06 11:46 - 2015-11-06 11:46 - 02385280 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2013-02-18 14:45 - 2013-02-18 14:45 - 00452096 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Calendar.dll
2015-10-22 12:13 - 2015-10-22 12:13 - 00823168 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-11-18 11:17 - 2013-11-18 11:17 - 00144640 _____ () C:\Program Files (x86)\Acer\Acer Docs Office AddIn\AcerWordAddin.dll
2015-07-31 00:24 - 2015-07-31 00:24 - 00038112 _____ () C:\Users\Sebastian\AppData\Local\assembly\dl3\VV0NH808.PKO\NXB6JLDH.OQC\85e393a0\00241d04_acdfcd01\WordAddIn.DLL
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 5317 mehr Seiten.
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 5317 mehr Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\caspar-david-friedrich-der-monch-am-meer-der-monch-am-meer.jpg
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\caspar-david-friedrich-der-monch-am-meer-der-monch-am-meer.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0214c"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0214c"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Sony PC Companion"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{08B0DADE-F5AF-4FEE-B222-9D1F9CA1674B}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{A7713674-9AE4-487E-8F3C-1A3F09616C34}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{258C9A66-D65B-4D04-A981-738F5CC9F89F}] => (Allow) LPort=1900
FirewallRules: [{0740175D-3B68-4615-B172-48C84D00FCA5}] => (Allow) LPort=2869
FirewallRules: [{57E6E213-6364-405E-9E81-76E51EF48813}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{92913F68-4B4C-4404-B861-516763E14686}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{A413FD5D-F951-4A8E-BB42-7B2AF6BBC4C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{09C5739E-59BB-4408-85F1-E26FF932A56D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{44F53036-DE68-4DE8-964C-C1FAFB6B2465}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{FE8C8649-AE5C-4207-A161-E3AEC91AF5C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A2A356C-2EBC-436E-A331-2E6CC873A535}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D852A01-39BB-420B-BEA9-0E5E38A192AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B295BAD-4ED5-4863-BA03-0EAC677C2828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{8B04EE6A-8393-4E5D-BBBE-D050B72ED6FC}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{BA4A3EC9-7077-4C58-8DAC-3CB249D8D053}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B7A69F55-1493-4218-A936-5CCA34D03996}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{37DC4800-C06B-4743-923C-94E0B77432F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9A344EC6-E90E-41DE-A4C9-1EB0959C6988}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{F70DB652-DC66-4D1E-8A40-1C45E3973E4B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{73B8392B-261E-494D-9551-AE844FEE4F2F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{CB1EFA0A-2F27-486E-B514-B141CA0988A6}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{E9EFEFF8-3840-458F-88C8-D027F205B63A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{81B8F512-CB08-43AA-BB94-05DBEA67730E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{AFB42729-9013-4D3A-B7A9-2AFD0F5860DA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{7C9F8659-8C4D-4737-B83A-B848581025AE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{E6ED67D8-0DBF-414B-8473-32D783B15C38}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{72707831-8D9D-41DE-BB1D-332DF3ACF85B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{A473CBE5-B1AA-4EA9-BA43-B6BFD64830F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{0BF695B0-12FC-47B4-AA1B-3144DF34F430}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{A5C31CF7-785E-47F3-92AC-35FF11F716BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{B7E3DC7D-72D9-4644-B799-EEB8E26BAA78}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{E2CC49C7-A7C1-4BE8-979B-F80A6E243718}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D8722001-B5A4-4715-A7D0-E688495CB149}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{881AE928-4763-4083-90D8-809C3C8D8F64}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{80EB33EF-6788-4B99-8DBA-6C998025484F}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E8126C62-560B-4A4D-A824-D4F52F11177C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{35767A33-008A-49A5-B0AB-897DA70412A3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{603BFC61-9037-4D31-99EC-4B01DE0D0869}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3F68929C-5858-4540-90DA-8557A4125B3B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E5B36476-F663-452B-83DD-69C40D709C8B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{BCAB0193-AE02-43A3-8A80-94FB94C64FAC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{79D3AD6A-BD2F-46A7-A415-BA8CB006A79C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{1CCC6D7A-2B94-4BFE-877B-69CED4127195}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BAA03EBE-447E-4C44-A694-8F8A9434B341}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{400948F9-77AF-4AAA-B863-C5A77C749149}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B75B4F8A-948A-4379-9BB8-BA3A17855C10}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CC1F09E0-432C-4C9C-B2F8-46B22B9E9CF9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9C900CF0-FBB9-4507-8D69-0C1C989BE6B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{20C7BE15-1AF4-4E89-B7B7-A671C706224C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2214EC07-082B-4563-A108-C9CA3F42BB84}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{8BB7153F-9B33-4239-B396-1C0840D6D2D2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{4A960E85-0FFE-4B7B-887F-F2D2ADFBA016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{09C1FB59-BC6D-4EC8-BD97-15E42EF2078E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{1727CECE-4023-4B8F-9CED-F0D56419FD52}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3D209863-22AA-40E8-BEDD-C88E388F4477}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{1CD6182F-78CC-45F8-8259-2884DEBCDBF6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{D5833126-7A6E-4319-8316-CDFBE0621595}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46112966-A5C5-4386-9C6A-135C03D9908E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{924A3F0C-9891-4FCB-BC4F-C09EF0D9AE5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E578D48A-2C74-48D1-A615-736FDC4AA123}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EF090A5C-3F32-4658-B521-329F4FF5AFA7}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{41633633-02E9-4220-BE90-38279A2E2C7C}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/29/2015 08:53:43 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:43 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (11/29/2015 08:53:33 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:33 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (11/29/2015 08:53:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:23 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (11/29/2015 08:53:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:12 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (11/29/2015 08:53:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:02 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Systemfehler:
=============
Error: (11/29/2015 06:42:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (11/29/2015 02:06:25 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/29/2015 02:06:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/29/2015 02:06:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/29/2015 02:05:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (11/29/2015 02:05:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Network Activity Hook Server LightWeight Filter Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error: (11/29/2015 02:03:26 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (11/29/2015 02:02:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_Session1 erreicht.
Error: (11/29/2015 02:02:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _Session1 erreicht.
Error: (11/29/2015 02:02:44 PM) (Source: DCOM) (EventID: 10010) (User: CHEMICALWORLD)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU 2127U @ 1.90GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3971.27 MB
Verfügbarer physikalischer RAM: 1498.11 MB
Summe virtueller Speicher: 5939.15 MB
Verfügbarer virtueller Speicher: 2489.39 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:221.53 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 29EE9349)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
01.12.2015, 07:40
| #2 |
| /// the machine /// TB-Ausbilder    | Laptop mit Windows 10 hängt hi,
__________________Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
01.12.2015, 20:53
| #3 |
| | Laptop mit Windows 10 hängtCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2015.12.01.04
rootkit: v2015.11.26.01
Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16590
Sebastian :: CHEMICALWORLD [administrator]
01.12.2015 19:37:20
mbar-log-2015-12-01 (19-37-20).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 378054
Time elapsed: 40 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 20:36:34.0488 0x1ad8 TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
20:36:34.0488 0x1ad8 UEFI system
20:37:06.0118 0x1ad8 ============================================================
20:37:06.0118 0x1ad8 Current date / time: 2015/12/01 20:37:06.0118
20:37:06.0118 0x1ad8 SystemInfo:
20:37:06.0118 0x1ad8
20:37:06.0118 0x1ad8 OS Version: 10.0.10240 ServicePack: 0.0
20:37:06.0118 0x1ad8 Product type: Workstation
20:37:06.0118 0x1ad8 ComputerName: CHEMICALWORLD
20:37:06.0118 0x1ad8 UserName: Sebastian
20:37:06.0118 0x1ad8 Windows directory: C:\WINDOWS
20:37:06.0118 0x1ad8 System windows directory: C:\WINDOWS
20:37:06.0118 0x1ad8 Running under WOW64
20:37:06.0118 0x1ad8 Processor architecture: Intel x64
20:37:06.0118 0x1ad8 Number of processors: 2
20:37:06.0118 0x1ad8 Page size: 0x1000
20:37:06.0118 0x1ad8 Boot type: Normal boot
20:37:06.0118 0x1ad8 ============================================================
20:37:06.0681 0x1ad8 KLMD registered as C:\WINDOWS\system32\drivers\68651603.sys
20:37:07.0266 0x1ad8 System UUID: {AD9E801A-CE69-FD46-4BF9-A19F2BC3A7F7}
20:37:08.0329 0x1ad8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:37:08.0345 0x1ad8 ============================================================
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0:
20:37:08.0345 0x1ad8 GPT partitions:
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5E38CCA3-DBE5-42EB-A161-BCFCC9DB9D77}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B47AC8DE-0818-4995-B663-D74E5A9325A0}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AFD03256-2134-425C-9570-B5603F26AF02}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {401E00D2-6845-427E-B655-11B51469A1F7}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x38238800
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {28342971-6D8A-48D8-A01F-90F5F19D4549}, Name: , StartLBA 0x383D7000, BlocksNum 0xAF000
20:37:08.0345 0x1ad8 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7A76BD15-2CF6-40E4-9C51-D4C371C92C88}, Name: Basic data partition, StartLBA 0x38486000, BlocksNum 0x1F00000
20:37:08.0345 0x1ad8 MBR partitions:
20:37:08.0345 0x1ad8 ============================================================
20:37:08.0392 0x1ad8 C: <-> \Device\Harddisk0\DR0\Partition4
20:37:08.0392 0x1ad8 ============================================================
20:37:08.0392 0x1ad8 Initialize success
20:37:08.0392 0x1ad8 ============================================================
20:38:19.0853 0x1840 ============================================================
20:38:19.0853 0x1840 Scan started
20:38:19.0853 0x1840 Mode: Manual; SigCheck; TDLFS;
20:38:19.0853 0x1840 ============================================================
20:38:19.0853 0x1840 KSN ping started
20:38:22.0241 0x1840 KSN ping finished: true
20:38:28.0585 0x1840 ================ Scan system memory ========================
20:38:28.0585 0x1840 System memory - ok
20:38:28.0585 0x1840 ================ Scan services =============================
20:38:28.0835 0x1840 [ 22CE801AD25C51E2553F41A076BB0CB2, 0520216417F1619FB642734EC937C59D5E79A24306C1E9B793C82FAE077851E6 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
20:38:29.0148 0x1840 1394ohci - ok
20:38:29.0164 0x1840 [ 2C49A2441EBB24C6ACFB524C1459115F, 0ABACB6F21C41C0297994E61F1BFABB3905AF6B569D0446FE8E174EB9225B8EF ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
20:38:29.0195 0x1840 3ware - ok
20:38:29.0289 0x1840 [ B87D3D07FE6F15328C6860D542F0E2BD, 46CF069EDD7DBFB4DB800BABA3081DAB363DD2CFD724AFF5916D3419F62A3574 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
20:38:29.0382 0x1840 ACPI - ok
20:38:29.0429 0x1840 [ 1E3C4EDBB7F3F668B7205E351010BB79, A3CA12F72836C4F77B671264828B370B9EBA9CD71110E2C0514994760B6B12FF ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
20:38:29.0460 0x1840 acpiex - ok
20:38:29.0476 0x1840 [ 13B1C26AEDCB40082CDD97506F968129, 883442206B4C60AA493E84CC3037B6C1568441E1F43D2B1FCBFD8D87D135D511 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
20:38:29.0523 0x1840 acpipagr - ok
20:38:29.0554 0x1840 [ B3D64FF927D611721DA73A61BF3A18B3, 96B51AFDC3078B5088AAF66F0CF3E07D2FCBBC84A19D309A25DF0A5C6CECB958 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
20:38:29.0695 0x1840 AcpiPmi - ok
20:38:29.0726 0x1840 [ 19F793B2203D94AC1F8AEDB08B494E2E, DC98CCF9935E1F1C32FA88575A9A678B74916EFF48E39A64CF1FF92232F64A52 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
20:38:29.0773 0x1840 acpitime - ok
20:38:29.0929 0x1840 [ 6F87D122342EA80DBECA387D7AE1CB6F, 3911E36C3895450F65FA31B7F8747E16F7804C748B0C6DDEF59DF83B4F5EE246 ] AdobeActiveFileMonitor13.0 C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
20:38:29.0960 0x1840 AdobeActiveFileMonitor13.0 - ok
20:38:30.0085 0x1840 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:38:30.0101 0x1840 AdobeARMservice - ok
20:38:30.0257 0x1840 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:38:30.0289 0x1840 AdobeFlashPlayerUpdateSvc - ok
20:38:30.0336 0x1840 [ 2A24E10C1A1DE0E0035E353EED494A1C, CBBFA86578BE74CAADDCA923D65E3BFFC57BC17B887936ADE5C6952530546A22 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
20:38:30.0430 0x1840 ADP80XX - ok
20:38:30.0477 0x1840 [ A3D96563BF46FC8A0E5756B796127D14, BAD3C30714F6514D2AF725077A79FF671CC022E415786E1666C0B7C24CE3670A ] AFD C:\WINDOWS\system32\drivers\afd.sys
20:38:30.0523 0x1840 AFD - ok
20:38:30.0570 0x1840 [ EF09D07626820F7F89519514C17FE768, C3EC1DC163CD5946270ED876CD414889BBF2C586A8AF5DC7825FA5D77001E827 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
20:38:30.0602 0x1840 agp440 - ok
20:38:30.0617 0x1840 [ 8A289EF0721F95267BF2404BABEE146D, E263D258F03DF3BB405D49AE7230C37E7EB8F392FDEE48059C7C1E3709520D35 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
20:38:30.0758 0x1840 ahcache - ok
20:38:30.0805 0x1840 [ C301499987AF909258774AE9DC5778BB, 3ED539C999847116AE9DB9C8C5A34AB09703BAE3018E1EAF6DBC779BB6736F32 ] AJRouter C:\WINDOWS\System32\AJRouter.dll
20:38:30.0961 0x1840 AJRouter - ok
20:38:31.0023 0x1840 [ DD69535D379F9E40AD0D6002887AAA99, 579DD18CE2B264B4058C6069B8AEE6FD9FE6A882B7DA19E300DFE40B37A4E5BE ] ALG C:\WINDOWS\System32\alg.exe
20:38:31.0133 0x1840 ALG - ok
20:38:31.0164 0x1840 [ 6763084E8322A4876D1613854640F914, 89EEEB47517A9964FA799821E5E45BDD6009EBDC628D6DADE6A7F03DE7CDA6CD ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
20:38:31.0258 0x1840 AmdK8 - ok
20:38:31.0289 0x1840 [ DE29D8AB57AD67D4940CAB4A48B3E230, 4E92AFCD9107573DAB8E65AC6318E4B8851DCCBE17E135DFF8CF5733210B52E6 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
20:38:31.0336 0x1840 AmdPPM - ok
20:38:31.0352 0x1840 [ 4C1F9BBAF5CCD76D4642F3B92B97B454, 514CCAA8B586B1019658BE101046386EB727AD48D7913AEF9A168763E91F0DE5 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
20:38:31.0367 0x1840 amdsata - ok
20:38:31.0399 0x1840 [ F8195C1A15955180DD663E7FF4C2F6DD, F3C0C6B38FB9478217EE25EBDBDF7A18F01B97655BC38373E70E71171705D5E9 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
20:38:31.0414 0x1840 amdsbs - ok
20:38:31.0430 0x1840 [ DD2F5BBCFAC4D8E48DB1A95A7EEBFF08, 619E3106072C6F785144D785C4AFB4C607CAF7ED29AAA4A1411BE262E62B7ADE ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
20:38:31.0445 0x1840 amdxata - ok
20:38:31.0477 0x1840 [ 46AAF119090573A80D603745582229ED, 8D7C4AED66DD32A104965DC23D17C0815CD1BE2E3D52375C1A63863664EE174F ] AppID C:\WINDOWS\system32\drivers\appid.sys
20:38:31.0492 0x1840 AppID - ok
20:38:31.0524 0x1840 [ 24315B385F515D6D5476757EAFD62633, CE645397BF43CC54B864A0E4FCB86F76C10B9C2D2482E85DBBE15EF7BF045F17 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
20:38:31.0664 0x1840 AppIDSvc - ok
20:38:31.0695 0x1840 [ 2CE396457D5C18F034D243EC7E159010, DDF588A568DF5EAE058DF315535BD746760363E2242EF8C705F8DCBA2D5DA4A7 ] Appinfo C:\WINDOWS\System32\appinfo.dll
20:38:31.0727 0x1840 Appinfo - ok
20:38:31.0820 0x1840 [ 2D564BB1C4559A517B390A031955714D, 3048C187FD107C958D43DD8B954AB55FDD1BC538D3E0066CBFCB428C7A8A87E1 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:38:31.0836 0x1840 Apple Mobile Device Service - ok
20:38:31.0914 0x1840 [ A8AC0B8ED134888731D1A1BCEF930FA1, 917D2C99CB28C5F20BA386148B6A93541AEF900A9A99D310D732B501322945E5 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
20:38:32.0133 0x1840 AppReadiness - ok
20:38:32.0227 0x1840 [ 43BE4036BC793A48BB0021B0FFF943CF, 233102A2B0D4B0527C6C2894EA5D14D556AD4C00BCFFC4E2B171F8B9DD200BAA ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
20:38:32.0430 0x1840 AppXSvc - ok
20:38:32.0461 0x1840 [ 0756EECAC010BE449D07502DF27E7701, 6A895CA80050D021DB5E130102F626027339A22673B7C15C51A375C0401F03D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
20:38:32.0493 0x1840 arcsas - ok
20:38:32.0508 0x1840 [ A5792F971EFE86B7F56EE7299ED1082B, 82DCD15E2C9D8A3EA663941C9CE73020FEEF2F91354D0BB51E8A142AA1E30217 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys
20:38:32.0633 0x1840 AsyncMac - ok
20:38:32.0649 0x1840 [ 8921DF6060DB5C7700AA48CB12E9EA08, 8F18841B454CDE4926C50B23F818D00ECE0AE884DB198E396445CB44CB39B2C4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
20:38:32.0649 0x1840 atapi - ok
20:38:32.0805 0x1840 [ DCE84DFDB3820C6DD91E4257949BBA96, 9FE51498BE8B99C666EDA446871981D74320D52F5E1895B047E28D631D7A58D2 ] athr C:\WINDOWS\System32\drivers\athw8x.sys
20:38:33.0149 0x1840 athr - ok
20:38:33.0211 0x1840 [ 240FF83DD79546B26F187FAB20F83864, C4DC0159016B4A4630357131E614814C068D07BEA94AAF6393E882A78C9FCA1E ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
20:38:33.0555 0x1840 AudioEndpointBuilder - ok
20:38:33.0618 0x1840 [ 6300722E8527EC54D426FD00EE5196B2, 71376BE797E8F3E2E671167DA400239D5289DE7EE56CF29564C98715B9DB1D09 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
20:38:33.0727 0x1840 Audiosrv - ok
20:38:33.0774 0x1840 [ 2F7F80543129210CA75995D0DCA488E8, 353E598FF26FA363C02A2B44BA8D7D1ED97B8AC8C69F1B5C5D521BD0D5D5AB94 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
20:38:33.0821 0x1840 AxInstSV - ok
20:38:33.0883 0x1840 [ 00D64E82900E4EC9062805ED87C2D75A, 577110F9A7C6C2C4CF86FFF4F60E23F61623ED325FC950033900A5102754A677 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
20:38:33.0930 0x1840 b06bdrv - ok
20:38:33.0961 0x1840 [ 5164A66EC1565711A7B4CF2F143B4979, DA29F0FB63F3EB2BF92D51FEB4BB7D2B964553D2F634556325953927464CB3A5 ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
20:38:34.0133 0x1840 BasicDisplay - ok
20:38:34.0165 0x1840 [ F4C58BBF2972BD84C73F6A14CA35AC4E, B7A226EB861B63ACF4BF9B5A331ACA6FFC9B787DCCAA7697EEFC4F634508A6D5 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
20:38:34.0196 0x1840 BasicRender - ok
20:38:34.0227 0x1840 [ 25349D0B334E528667980948ED107D89, 70EF9D3B8DCAC6E9720C6F3EBC77392FADC182A6925F9024FE30A21321E0137F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
20:38:34.0258 0x1840 bcmfn2 - ok
20:38:34.0290 0x1840 [ DF78B56EEE6004DEE8CE57763128075E, 5758CAF4B0182F3F2E2508B3BB58B0271F2689808D09675B2753FE373D1D77D2 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
20:38:34.0430 0x1840 BDESVC - ok
20:38:34.0477 0x1840 [ 1E8A9267F8886803AAE02982FC1B5BC4, 655DF84E037BD6E582A6BA89737A4388956219171AF7253D126E54A23F16BE59 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:38:34.0587 0x1840 Beep - ok
20:38:34.0649 0x1840 [ 7FAFFFC4C59F5010D6E7CEA152076B92, 945FD6C04E109D4E5A4164BAA9A8120EC85AB809555AAD83E61B9F179F976FD7 ] BFE C:\WINDOWS\System32\bfe.dll
20:38:34.0837 0x1840 BFE - ok
20:38:34.0915 0x1840 [ BD60F5633F6BD617D9ECCA3FFDC0D37E, 2F0DECAEB7096CD628387263381E123C883F483BD87F7F2BA6DEFBB5A184BAA3 ] BITS C:\WINDOWS\System32\qmgr.dll
20:38:35.0227 0x1840 BITS - ok
20:38:35.0258 0x1840 [ C9FD65687EF89715999C582D3E568812, 42BA59A78A47C510CB2AFDC6C6080B33F9F611F84FEE5262DFF16D7633C50EB1 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
20:38:35.0399 0x1840 bowser - ok
20:38:35.0446 0x1840 [ 3A4A543F135DE9A06ABA9DF982D79DD7, ABA165435C27BE15D7EBD3E7D023E295CB7AE2A099DF9E253C78EC45EADD75EA ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
20:38:35.0633 0x1840 BrokerInfrastructure - ok
20:38:35.0665 0x1840 [ 2AAD720B32904B97EDD8C3211344F79E, 41B1AEA5FAA48033B2581E18D68EFC986C3D65B383847E250C054CE3133A893C ] Browser C:\WINDOWS\System32\browser.dll
20:38:35.0805 0x1840 Browser - ok
20:38:35.0852 0x1840 [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter C:\WINDOWS\system32\DRIVERS\btfilter.sys
20:38:35.0883 0x1840 BtFilter - ok
20:38:35.0930 0x1840 [ F8DD3B0EAC1EF1D087AE47E5819540AC, 866C951B52E3202AC89552AEA72A45123367199335578F03815E2ED55DA2FDAE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
20:38:36.0040 0x1840 BthAvrcpTg - ok
20:38:36.0087 0x1840 [ 647E2A425AD43637EAA01096A58B7089, 8F76D024FEBCBA1AC54363133DE1E0DD5B9D696E5E688EFEBC3B79F7F1B9C568 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
20:38:36.0415 0x1840 BthHFEnum - ok
20:38:36.0462 0x1840 [ B95040CAD3434D9EE003065363A0FAFF, D441E0676EA1AE1ABC305732024311CA59715E6763B3D7ADB728DEEFC403E182 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
20:38:36.0509 0x1840 bthhfhid - ok
20:38:36.0587 0x1840 [ F334BF7B0737CEB3B6822631EAD55A87, 4E5AEB1F8E109BA01A5D1CDE2E3C677FF07F2AFE8B195CB5F82AA28816D2060E ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
20:38:36.0634 0x1840 BthHFSrv - ok
20:38:36.0665 0x1840 [ 29AEE352AED4FCD2191436D263D75347, 3D21262EA26BF423BFA4A9146E53F8B036B2A1157DBE91A11C5603AF7A670B6F ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
20:38:36.0697 0x1840 BTHMODEM - ok
20:38:36.0775 0x1840 [ FCC211B0F46D831506D0D76539203899, A2609658AE36EB0FE4CFAA00684986193FEACED7BA8D869A9DF8D03312E53169 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
20:38:37.0009 0x1840 BTHPORT - ok
20:38:37.0040 0x1840 [ 26DD0127A05B333E36316E6EA9A6AAE2, A2DC4483FF5639EE8DD315AB2989865CA6A6992C578FD7F7D31698A015355941 ] bthserv C:\WINDOWS\system32\bthserv.dll
20:38:37.0134 0x1840 bthserv - ok
20:38:37.0212 0x1840 [ 5866AE46EEF644E6DE5C95942AE419D7, 0726C0845D2BA4247AB26ACF05006F6FA96015158CD49795801BB906DA80C007 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
20:38:37.0556 0x1840 BTHUSB - ok
20:38:37.0572 0x1840 [ 854AF190F55E6D70EC65A85798F896E2, 6D39F9131BE93F934502BA1DB109E7AD35D3987B636F7B32F9C34823DF25746B ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
20:38:37.0728 0x1840 buttonconverter - ok
20:38:37.0759 0x1840 [ A10A1E05A943B10ECE5D57D131B7404D, 71BB816B6841001A4305DF1814926B639265E91895CA5D06284B0970E40CE386 ] CapImg C:\WINDOWS\System32\drivers\capimg.sys
20:38:37.0837 0x1840 CapImg - ok
20:38:37.0978 0x1840 [ 5D329DE5B549D80F6B93B3F241EB14AA, 372D00D8C2D968DF324218A5B4152EAE049F676A85EAC50A6E050FC909105961 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
20:38:38.0072 0x1840 CCDMonitorService - ok
20:38:38.0103 0x1840 [ E41F70406C34F1CB667B4B27D81AD162, 8869C7EB9CBF68B90640765D15DB5B8DACEF45025C1E580AA94D96E32560274B ] ccSet_NARA C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
20:38:38.0119 0x1840 ccSet_NARA - ok
20:38:38.0165 0x1840 [ F2829DC6D292DCAC5029893BB2E9FEE3, AF2A25722D3BE37BABD1F6668786AAF39E9D6CA18CE8E845E63266E218C64526 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:38:38.0197 0x1840 cdfs - ok
20:38:38.0244 0x1840 [ F3A9E38AE23AD4015764AF89E4AE3519, 57ED6AC834177E128720FEC5B5793F35C7C36474E2D787F182B6730933222CC9 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll
20:38:38.0369 0x1840 CDPSvc - ok
20:38:38.0385 0x1840 [ CA160E02F35A61C6F5C681FB4669C519, E6BC66156EE226F16804C4FDC8A60EB15CE6212EAFB9FB841FAC899979E140E2 ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
20:38:38.0432 0x1840 cdrom - ok
20:38:38.0463 0x1840 [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
20:38:38.0510 0x1840 CertPropSvc - ok
20:38:38.0541 0x1840 [ 60D7D304DF75DFF6A46CF633F583B592, 4141D8D1C6FE829C02053DA91AC6B0628BDEB3322CAAD4AD958190F9D173340E ] circlass C:\WINDOWS\System32\drivers\circlass.sys
20:38:38.0557 0x1840 circlass - ok
20:38:38.0603 0x1840 [ FF9D4BCE19E5D36CB3A845A3286DA6C3, A0E2C38D629359EEC6F8EEC6F92A3E571AEF018BAF259F395DC497ED4827460B ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
20:38:38.0635 0x1840 CLFS - ok
20:38:38.0697 0x1840 [ 5C4648673693724C8D4A1A92E1AA06E6, 5D548241715687BFA52E40B867EF73CB45D01B7F9A9B7F00B92BF2B4C97BE1D0 ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll
20:38:38.0744 0x1840 ClipSVC - ok
20:38:38.0760 0x1840 [ 8EBA63416EC166EBA6EF6D34A505D8C8, 5EB0236ABEA2277B71D9F009DA71934C618606B20BBEC07B8595195E40C12A2B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
20:38:38.0822 0x1840 CmBatt - ok
20:38:38.0853 0x1840 [ 3B64DA873CEA5BEC42570BFF1054A014, 3649B25855CB9BE5BA3B3FEE4221575381FB2D488B8B050B5DD0088386AA0F7B ] CNG C:\WINDOWS\system32\Drivers\cng.sys
20:38:38.0900 0x1840 CNG - ok
20:38:38.0916 0x1840 [ 5EEA0856000F81B3D709BC81B3AA1EF2, C04E4E31D3FC38102BA410D312F58AF848920EE37004A5C306D79229C9B6079A ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
20:38:38.0932 0x1840 cnghwassist - ok
20:38:39.0010 0x1840 [ 74CD3BF688E2B408227FE012A2F2D8ED, CC01AC79CEB9DC94FA5675D66F048928C9968B8944E34F5482A73C14B70EE8A8 ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
20:38:39.0072 0x1840 CompositeBus - ok
20:38:39.0088 0x1840 COMSysApp - ok
20:38:39.0119 0x1840 [ D38774D1D383A2CDB9A4F64B7206913B, 6CDDC46D1D431342F00CA537FC327B23B8AA4D513CEEEE61F3E19C77975DF9C8 ] condrv C:\WINDOWS\system32\drivers\condrv.sys
20:38:39.0244 0x1840 condrv - ok
20:38:39.0291 0x1840 [ 8AFDD74F2DC5BAD9B2215FB19DB65240, A2BDDA4C77C63D3D8E9F1D397D7B41EC1BF093A6399C14D311D4D230B5F1E093 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
20:38:39.0354 0x1840 CoreMessagingRegistrar - ok
20:38:39.0463 0x1840 [ BB812787B838A74943DEF209350C3883, 2C168F48A68644AA3CB6167BEC2A260E3E9C78D0766A15AA0FAA39CDBD7FA040 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
20:38:39.0526 0x1840 cphs - ok
20:38:39.0573 0x1840 [ 35DB06AACD8AD5999161DA71FF0E16F0, 22AD27811AAD14666ACEF4115447B0CFAA70D1E73923059FB2A9B4C3CBE500A6 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
20:38:39.0682 0x1840 CryptSvc - ok
20:38:39.0729 0x1840 [ F038EAF73AAB72A4A89185A5A7B9FD75, 8213A60B3BEAFC1C554C5D049DFE3C6E44CEFE639EDD6A335AC18A9DAEDA2D4B ] dam C:\WINDOWS\system32\drivers\dam.sys
20:38:39.0744 0x1840 dam - ok
20:38:39.0791 0x1840 [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:38:39.0932 0x1840 DcomLaunch - ok
20:38:39.0994 0x1840 [ 0605AB12BF1856DF21AB708F28EA91CF, 3A6A7F8F84044DC1EA490A007E6DBC52203BA237ECF1B845961D9BB95E9BF8C8 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll
20:38:40.0073 0x1840 DcpSvc - ok
20:38:40.0119 0x1840 [ BABB7BB5AD3CECFF466E6080F43CFC58, 1B8FF66557EC4C749156ED6DACC4D61D5DC4E25DD58F6DB3713C356214B80FDA ] defragsvc C:\WINDOWS\System32\defragsvc.dll
20:38:40.0182 0x1840 defragsvc - ok
20:38:40.0229 0x1840 [ 63C9464B165D31ACC46B6B089AB36B41, DE38DE4E6331D07630B63224F8014C27368C29791EDB58CC5DAE7CBACD37160A ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:38:40.0276 0x1840 DeviceAssociationService - ok
20:38:40.0323 0x1840 [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
20:38:40.0354 0x1840 DeviceInstall - ok
20:38:40.0386 0x1840 [ CF3895DD260ADE05BC91D8FBE0A82907, D7D8A29E873BE5C3832C9264F0165F6CD50D42ED0E04B0FCF07F054793092334 ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll
20:38:40.0495 0x1840 DevQueryBroker - ok
20:38:40.0511 0x1840 [ 25435407D97419627F4B10653433BF2B, 5429B0DB7C5302E9A6AF92C046637183D4147D4A206963ABEA3A611214D6AB04 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
20:38:40.0542 0x1840 Dfsc - ok
20:38:40.0620 0x1840 [ E59C209F1F633C1AEAF151B2CA46BBAA, 6A4DA927418B56A228CC8D9DFA3351B2B53A9328F5C56C10F0C7B19974B2ED89 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
20:38:40.0792 0x1840 Dhcp - ok
20:38:40.0854 0x1840 [ 95AA7877FD4161BFBC8493F9279B1901, F6B7DF75D763A89901BD12454BEF92D161B392F721B8568505073929D9F419BD ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
20:38:40.0917 0x1840 diagnosticshub.standardcollector.service - ok
20:38:40.0995 0x1840 [ 58395E37ED838B93A56F1D089C2F53CF, 57D167B58DF5B33F7E2A98E1B8B33C8F076D34CA032D22F050AE6F83A48DC8E6 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
20:38:41.0104 0x1840 DiagTrack - ok
20:38:41.0120 0x1840 [ FDCD449AE9E75D7690593D16ADAF4DB4, 3366C4BDB031EB525F85850E903C46802A2AC762C0772C6F6E543DDA4AF1E9D5 ] disk C:\WINDOWS\system32\drivers\disk.sys
20:38:41.0136 0x1840 disk - ok
20:38:41.0167 0x1840 [ 43A1B8B43CA4E213E0FD920F2FD6BCBA, 839C6047FD6EA951538209C30C9D8AE68F9B47A58DA151D071C03408250B0ECD ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
20:38:41.0339 0x1840 DmEnrollmentSvc - ok
20:38:41.0401 0x1840 [ F10A8F6D036CEDD14A5471782C52F041, E0DA3C4F76DBBEAED549375E57819F8825B33A118F7674D417D294054863F648 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
20:38:41.0511 0x1840 dmvsc - ok
20:38:41.0573 0x1840 [ 7228733177F673B4D51BD1AA082D47C1, DBE155CDCFAA7C32407A207F637F252FA0CE30F1DE7E7DBEC42DB37FADB5BFA7 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
20:38:41.0682 0x1840 dmwappushservice - ok
20:38:41.0729 0x1840 [ 592E41B3C11CA12203D3708AD8FC3D37, 6C69D5D603FBF038C069EDDCE29F7C6A60CAAE58B985AB218E1497F2BA934D42 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:38:41.0807 0x1840 Dnscache - ok
20:38:41.0886 0x1840 [ 6184C7A2F12625C108AEFD3A43429967, 689153F319BB1013FF60F71317E8380A6945EEE8141EDBDD6B185A966E23BB93 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
20:38:41.0964 0x1840 dot3svc - ok
20:38:42.0011 0x1840 [ A616D8297C1BEA690BBC796736A7A78D, 9365470F4609606410AD79D98E1E77D815DC7C5AA924FB639FCF713EE8EDEA76 ] DPS C:\WINDOWS\system32\dps.dll
20:38:42.0136 0x1840 DPS - ok
20:38:42.0183 0x1840 [ 45771610FF181434073B5A0A00F20F8D, 6A17DB09AA6D021F000F7315317235E1FCF41FD58EA7DF81A7C9F5A6DE999984 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:38:42.0229 0x1840 drmkaud - ok
20:38:42.0276 0x1840 [ 00D9A948FB7344C62CEBED88E50EE39A, EF33FE7FB34DE571F3956C1F7AC8EFAA25BFD9F3AFA3ECD25DD34C5890873245 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
20:38:42.0401 0x1840 DsmSvc - ok
20:38:42.0433 0x1840 [ D920A8B070A9BA5C9DEFC3BA7C3883B5, 8EA05CDE58930EB16B4B502561AF2DB5229658FDC1948A9A8F249A7402C21398 ] DsSvc C:\WINDOWS\System32\DsSvc.dll
20:38:42.0495 0x1840 DsSvc - ok
20:38:42.0604 0x1840 [ 89C9C3745F270EF93988DA57BC6AA62B, 947886F3121919427BDCB123C6FC28E29CA73D427E92025E1BEAA743D27306D3 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:38:42.0714 0x1840 DXGKrnl - ok
20:38:42.0745 0x1840 [ 6E36BDBB46DF7F865D0DD30663AE3891, 98967B01EA450AD4D5FE8085F710359C022D783B839A51BD4A266718156B01EB ] Eaphost C:\WINDOWS\System32\eapsvc.dll
20:38:42.0776 0x1840 Eaphost - ok
20:38:42.0917 0x1840 [ 3070013B01EDA42C7EB67D731340C396, C083CA05650750876E70CB6AB51D5C047C06098C2ED86B083A74C97830247BFC ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
20:38:43.0169 0x1840 ebdrv - ok
20:38:43.0208 0x1840 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] EFS C:\WINDOWS\System32\lsass.exe
20:38:43.0226 0x1840 EFS - ok
20:38:43.0273 0x1840 [ 59EE187E333EE9914DD9BEA5F4E0D85D, E34BB8075E38FC6AEC056323C6E3B5B4E7041EE6F4D51699B706DEEA18BDB911 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
20:38:43.0290 0x1840 EhStorClass - ok
20:38:43.0296 0x1840 [ 9297F1CC486F24BDFD2874156AC5430F, 1AF8689ADE4E658FC9418F7886B6C19F7D005EAB2AEF9B0E14FC81C61A74CECF ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
20:38:43.0327 0x1840 EhStorTcgDrv - ok
20:38:43.0358 0x1840 [ 9E8FF6B95FD420FA9E40BE548E5C8D92, 8825B81418335D03CFAADB792C1466023C459BE489ACACBD6686FFB544F22D30 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll
20:38:43.0421 0x1840 embeddedmode - ok
20:38:43.0452 0x1840 [ DC2F91EAE9A28FA8C6610A9B7701B70D, 480DB509BF944AAC3617594F1245B4603069DE39186BC1FA7EDB8E0536B05E79 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
20:38:43.0515 0x1840 EntAppSvc - ok
20:38:43.0687 0x1840 [ 138690A45CE2EE341D00A86AFF44D95F, 79230ED8285E5A9FCB7A6C3EFE64E1BAEBC64018394F9E8849A493F4ADA5C006 ] ePowerSvc C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
20:38:43.0718 0x1840 ePowerSvc - ok
20:38:43.0733 0x1840 [ F7FCCA6300485EF60CEA6D991D6C8C78, 24080D80CF1FD678DF4C9CAE70F65F8D9232F5F6A6F2B73A77B5E3C91E6505F3 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
20:38:43.0780 0x1840 ErrDev - ok
20:38:43.0827 0x1840 [ 2093F65AA84478E28C8E9D05BC413845, 086D4E0D4B993F4041AA8A9DCBEEDB53BD05B88E2BEFB218837FB10FACDF4233 ] EventSystem C:\WINDOWS\system32\es.dll
20:38:43.0905 0x1840 EventSystem - ok
20:38:43.0937 0x1840 [ DCCDC3F35F0618692117DF90800A4284, B636B2A39AE89A9C2CDE17EC52DA669DA8AA9E2B04CA5CA19926DA8009655244 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
20:38:43.0983 0x1840 exfat - ok
20:38:44.0015 0x1840 [ 5A1C6AFFF6946C5C21A27AE05084C0D1, 558CB87E596E85182F6976F215EE0E35F57BF901409A2805E6A3C29D8984B048 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
20:38:44.0046 0x1840 fastfat - ok
20:38:44.0108 0x1840 [ 046FC9CF53A91E2FBA498CA7B0C3B028, BCFB06DF53065706DD6287E8C47BF5047F8A1E33981E1881E6ED7510337F5BC8 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:38:44.0258 0x1840 Fax - ok
20:38:44.0305 0x1840 [ 4E4B7D935DBF522B2F23D3573596181D, 9D0EC9F65920EE0FFFB2D49C58E4D5151C8CEEB7AA82543D226E4B84EEE4B3F0 ] fcvsc C:\WINDOWS\System32\drivers\fcvsc.sys
20:38:44.0336 0x1840 fcvsc - ok
20:38:44.0368 0x1840 [ 583EB1C7690E361213BBD0472155128B, 5F5871490A6DAC4A824F4428941AC86FBFA9AA349B99B5D9544E5D62EB459FA8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
20:38:44.0414 0x1840 fdc - ok
20:38:44.0461 0x1840 [ 94B1A46EDD335F0C54C7BDAFC43348E6, 58073D58D0BE7389C2A4736AFE108835E5AE9C9950FF630644F585C99B964043 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
20:38:44.0508 0x1840 fdPHost - ok
20:38:44.0524 0x1840 [ BC855BB7DFE06F27F78E0EB2A8CCB70D, D16C3DAB99C16B077BA5DA5E9E0646B0B9237B00ABAE867D9F81A2D072D583B1 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
20:38:44.0571 0x1840 FDResPub - ok
20:38:44.0586 0x1840 [ F1125F20D56F28DDCD1A6F3E81EB4F5F, A6620ECCB15FAA70E4A43ADA4CE82CF97D708B6FA07F3FAED276359E7F92FD0F ] fhsvc C:\WINDOWS\system32\fhsvc.dll
20:38:44.0633 0x1840 fhsvc - ok
20:38:44.0649 0x1840 [ CDFD81CACE0E11596A3BB61EC4CF6467, 569FA86A215B054131AA9AFEECFEE7FD7143DCFFE275B84196004AEA538B2476 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
20:38:44.0696 0x1840 FileCrypt - ok
20:38:44.0711 0x1840 [ 3F02FEDAE894CBF4BAADDF8C8E1D53A8, DA32ABB1CDA867B8456C46F8581FA7F3A8D8B89D9F6E7422F51941D5FFA15B13 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
20:38:44.0743 0x1840 FileInfo - ok
20:38:44.0789 0x1840 [ 2824933386E30DE5BA089DF539CE19A3, 7B33E514576C68B444AE99CBA1360EBFAE8A46EEE5C01F4EE4CF471A712AB148 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
20:38:44.0852 0x1840 Filetrace - ok
20:38:44.0868 0x1840 [ 6A598249640F8BEDD79EC73917E1664F, A675238EA19E6632CDEB4EEFF7CF509EAAEF76AD8DFD247664E5607555D9CEE1 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
20:38:44.0883 0x1840 flpydisk - ok
20:38:44.0930 0x1840 [ 44B6A6832134DF651E887E941478CA35, FCF4EB726D00F5A17DD66C81CFDA49427281C94CF9CA2008397D591AEA61AE05 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:38:44.0961 0x1840 FltMgr - ok
20:38:45.0071 0x1840 [ C197284A9D565A38497733AF2BDFA111, C6615AF0D366C2DD6D431B073901EED02D49AA3F252230735DBB52A90BCFA833 ] FontCache C:\WINDOWS\system32\FntCache.dll
20:38:45.0461 0x1840 FontCache - ok
20:38:45.0618 0x1840 [ 109AACC7FB0170535F71491F673AFD38, 212B6761ABBAC29993DA0A47C3DDE8074EA9E5A8FFA8FF6EAB95AC69D8FDD5A0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:38:45.0649 0x1840 FontCache3.0.0.0 - ok
20:38:45.0696 0x1840 [ 3F3B9E8CECD5604BC7746EF3A852EB67, 51AF62A9563379266C0C873E82F55427900032DFD7AC3EBDCDF77F8F8DE91A5D ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
20:38:45.0711 0x1840 FsDepends - ok
20:38:45.0727 0x1840 [ A60583221C7BB7CEC35C63285A297BE1, 3C842FBEAD1FA2BD8D37B2B0E8EDF77F4F50508C56FB25DFA81DE9679090D51D ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:38:45.0743 0x1840 Fs_Rec - ok
20:38:45.0774 0x1840 [ 58013A50225174EEF1410E37795D7908, F8E557CA4110ABB203192DEAF59D91A5FEF2A5EA394637276DAB7F4D2E7BFA39 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
20:38:45.0821 0x1840 fvevol - ok
20:38:45.0836 0x1840 [ 0DAAE3EFCE00133AB3E383A36C47CDAF, 9145665F4F0575F951803AAFAA1A7DC0FAA35430CAE7D90E902074D60D6F4C62 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
20:38:45.0852 0x1840 gagp30kx - ok
20:38:45.0930 0x1840 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:38:45.0946 0x1840 GamesAppService - ok
20:38:45.0993 0x1840 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:38:45.0993 0x1840 GEARAspiWDM - ok
20:38:46.0024 0x1840 [ F59155B95D01C08F9ED774B626B504A1, EF0FCF35AD9CD5E5D695F0C064244D2B327E7FB10FD7CBB0586253EC75562918 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
20:38:46.0102 0x1840 gencounter - ok
20:38:46.0118 0x1840 [ AE24452F55C6F1784CBD7489D0CDDB02, 4E13C51CBF30A8662B1180AC74E968CFC428B6EA7931F09357E7D120063D4823 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys
20:38:46.0211 0x1840 genericusbfn - ok
20:38:46.0243 0x1840 [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt C:\WINDOWS\System32\drivers\ggflt.sys
20:38:46.0305 0x1840 ggflt - ok
20:38:46.0336 0x1840 [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc C:\WINDOWS\System32\drivers\ggsomc.sys
20:38:46.0352 0x1840 ggsomc - ok
20:38:46.0368 0x1840 [ 96F0D3A583A91B634EE2AC2507356EDC, 43D2575F33D28F61C13D2DCF358BFA9DCEAE276C83152DBE7AE2020A66929CD9 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
20:38:46.0384 0x1840 GPIOClx0101 - ok
20:38:46.0462 0x1840 [ E50CE978F571B900D9A7E2F1C5BCC070, EA14873A5F1B700D7CDBE55B9D214DC457262866A90D80B3E8325A8EB7932CE7 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
20:38:46.0571 0x1840 gpsvc - ok
20:38:46.0602 0x1840 [ BA2455D93BD57989A04FE4094AA6F941, B579FB367C063EA30C034381148410D49D38E183A5A4D51D2334A81DAEE95CEC ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
20:38:46.0681 0x1840 GpuEnergyDrv - ok
20:38:46.0759 0x1840 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:38:46.0790 0x1840 gupdate - ok
20:38:46.0790 0x1840 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:38:46.0806 0x1840 gupdatem - ok
20:38:46.0821 0x1840 [ C277A49F8A8295840DEBC9240B75A282, 8B2BA0E6A8300323765D95ECD843105B0FC4B80B85EE2220E677C4E9A760C9D8 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
20:38:46.0868 0x1840 HDAudBus - ok
20:38:46.0884 0x1840 [ D5A57EF4822A0388352FFF9F5CD53495, 509F365386859157E9078821FAA56D2A3C0BA296CA129E0D42453428A14687A5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
20:38:46.0931 0x1840 HidBatt - ok
20:38:46.0946 0x1840 [ 39575B53EB80C77FF2A3F1449D00B7F5, 37E66B38BACE00AFEF7093F990A234399D8451A9D2C2C8CBECAB69C664E63EA6 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
20:38:47.0071 0x1840 HidBth - ok
20:38:47.0102 0x1840 [ 35C3B602664116E737FF729F9A7156AD, 7A3C5CAD716E819CC53405971F3ACD135BCF023EC2228C1095E2116BCC384E62 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
20:38:47.0149 0x1840 hidi2c - ok
20:38:47.0165 0x1840 [ C4ABE526BBF2A18E8AF70177FBAD9C6E, 4DA06B563A08AC15D949F4599F73F172B3BFCB5D23B34240D1E2114438A11929 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys
20:38:47.0181 0x1840 hidinterrupt - ok
20:38:47.0196 0x1840 [ 348416C7D7EB05BC3099FE2F2B27985C, F30E8682E9DD731A1AD7328FB8A48A2BB7D6E52780AE1FDE839D26E84B4FA7B5 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
20:38:47.0243 0x1840 HidIr - ok
20:38:47.0274 0x1840 [ 5576DF399CF2D3B63608F7F282151249, 04939E79B8B8035547CE6FFE9001252CA810BAD46D8DB75FF5C13EB10EEB5C57 ] hidserv C:\WINDOWS\system32\hidserv.dll
20:38:47.0306 0x1840 hidserv - ok
20:38:47.0337 0x1840 [ 01F732724AF6EFE69886DA95A4E51820, E048A480F9396418BDE9659596E7EDA5FF97D3CE029D186048609B47575BEAE1 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
20:38:47.0446 0x1840 HidUsb - ok
20:38:47.0477 0x1840 [ 7433A8D28EE11A661C7A45AF28BA7987, 8A73DB423924E84CD3629BF6C7298CD093D2437B73B3F4520D39330923DDA2D6 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
20:38:47.0618 0x1840 HomeGroupListener - ok
20:38:47.0681 0x1840 [ 3FDBFBE5AE639996EB8D482C16BA7EA9, 7E48304818AABB4C5B0CB7FD32D96D6F90F4180AB0F668A2FE653A7097A40673 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
20:38:47.0774 0x1840 HomeGroupProvider - ok
20:38:47.0806 0x1840 [ 3844CE7DD23530CAD59D8CABA57CCB05, A44BB60686A0E98FF370D9DED5B32C3F34F0352ACFA3B3052BA4023922B53DB7 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
20:38:47.0837 0x1840 HpSAMD - ok
20:38:47.0899 0x1840 [ CA6EADBB8731CA27BDA4037BF290AC14, 31EC9397D55D4EEC416AD722134E2D6B5D14E46D2150CB94889C4BFDAACBF421 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
20:38:47.0946 0x1840 HTTP - ok
20:38:47.0962 0x1840 [ 8841D927EB1F7FFC8B1805BC0CF190ED, B063E686380EEF582CF736E33751812F0041C593C7F30EE97D13DEDC9B246AB5 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
20:38:47.0977 0x1840 hwpolicy - ok
20:38:48.0009 0x1840 [ 53436C3835E80F4421652A67F44D6313, 8731091945A839713348DF3060A4C96033874E2B3DC7E099BEEC8C65B07F98CF ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
20:38:48.0071 0x1840 hyperkbd - ok
20:38:48.0087 0x1840 [ B2DC6C2F313EBB967B556B4E73A75451, B1816A0AE15705F0325F167EA76166779607D6086EC36A4A960E3BA47B4EBC4B ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
20:38:48.0134 0x1840 HyperVideo - ok
20:38:48.0149 0x1840 [ D4CDEE4A62BDFFF6E8558A9552148EA7, 55306786CB45082AE374937EBA256FF9CD640BB2E8C19DC6C704489D4743F5CC ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
20:38:48.0259 0x1840 i8042prt - ok
20:38:48.0306 0x1840 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:38:48.0321 0x1840 iaLPSSi_GPIO - ok
20:38:48.0368 0x1840 [ F1DF87463AC308047B089E9F0456B4C8, DFFF3C63D3124C2B879B888104042406FE326D4E7C8C1881A269BD4287B9CD33 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:38:48.0384 0x1840 iaLPSSi_I2C - ok
20:38:48.0478 0x1840 [ B9E489CC1EA3284FEED33799DC70612D, 0DD714A3A37C391B38F4EEEB3F85C3C3C056F4AAB4A5EFA63835AD967BC25B51 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
20:38:48.0509 0x1840 iaStorA - ok
20:38:48.0540 0x1840 [ 9FDD4763A115D04F565C38183DE4646F, A8B0653E7C5F5B3CB2A1B642F502269FB1BB1E35DBB1CBABDBDADF92C9815727 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
20:38:48.0587 0x1840 iaStorAV - ok
20:38:48.0618 0x1840 [ 4E69EE8F8E5DA036535D433C544AF9E2, 2ADE9B97CE1C19FF984D8BB99CF31415872C2D9628864BD78C0E44D21CC94EE3 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
20:38:48.0650 0x1840 iaStorV - ok
20:38:48.0665 0x1840 [ 15C59DF20F74A0C2C764B991FED7F4A5, 6E9804775E815F32A4D73C346E627D64A3096525E78FAE3B6E43CFECAE270428 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys
20:38:48.0696 0x1840 ibbus - ok
20:38:48.0743 0x1840 [ 88E6A429944544346EC3AE1FD7D24BCC, B6B8D51E5491C91D2FCDC77C1D82A5168B0C860252208E1B4612D8D5C19401AD ] icssvc C:\WINDOWS\System32\tetheringservice.dll
20:38:48.0900 0x1840 icssvc - ok
20:38:48.0900 0x1840 IEEtwCollectorService - ok
20:38:49.0071 0x1840 [ CEFA6BDB4789F3DA003ACBDCC64F5877, 0FE78AEFA9A75B4A99AD6B73AC3252E4C6DFA9D306FEC02D26C1FD574108BFBA ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
20:38:49.0228 0x1840 igfx - ok
20:38:49.0259 0x1840 [ 75909533EECD0CD9D5974B59474AA6C0, F81D0F949F1F01D09C91735C79288395B82C27B8FB78804752E5A678D7EF3860 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
20:38:49.0275 0x1840 igfxCUIService1.0.0.0 - ok
20:38:49.0368 0x1840 [ 6F9C31435DD3E3D3BC247212EA144EBF, 05C4A0BD4BABD27783CEFEE6108C1A05911A212189233F09AF1A56BDC60F60F8 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
20:38:49.0446 0x1840 IKEEXT - ok
20:38:49.0493 0x1840 [ B1F193AB8FB72E9FC34B3A39314ED872, 408E98D9C8ABB928090DD9E5D1BB227EFBC997BF168437BAEF0461EB0D1DAE3D ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
20:38:49.0509 0x1840 intaud_WaveExtensible - ok
20:38:49.0696 0x1840 [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:38:49.0868 0x1840 IntcAzAudAddService - ok
20:38:49.0931 0x1840 [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
20:38:49.0946 0x1840 IntcDAud - ok
20:38:50.0040 0x1840 [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:38:50.0071 0x1840 Intel(R) Capability Licensing Service Interface - ok
20:38:50.0134 0x1840 [ 5175C772BCD11C9B0471D30535F15F60, 1F3740ECE66A3F849445DE3A15648BCCC8CB349300C449F107FC762D2B792F0B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
20:38:50.0150 0x1840 Intel(R) ME Service - ok
20:38:50.0196 0x1840 [ 498759139F71142888CF7EFA1ABE18C8, 9CD0CD748B143F947B4DEDE39344A8C284717CC8AC97E25827EB73CF10831419 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
20:38:50.0212 0x1840 intelide - ok
20:38:50.0243 0x1840 [ DC270DDCDDC2EF65D484A65CC5166222, A88BEAD819ABEFE28B6F9A10586ADCB0EE2A5ED9273F176E9313750609C7892F ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
20:38:50.0259 0x1840 intelpep - ok
20:38:50.0290 0x1840 [ B4D9C777762B1F7356958B9C0AA93BEB, F11B07FE939A107AB4EED4857854DF269C2D86A80C8507C8B1E95F7805975EDB ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
20:38:50.0321 0x1840 intelppm - ok
20:38:50.0353 0x1840 [ 22BD83268B80A8C89AAC0BDF46E4EB5D, E7DC0C2E4104B51EA545BA8D0CFF11FD6A15BFD8EE16E546E8FC220853402CB3 ] IoQos C:\WINDOWS\system32\drivers\ioqos.sys
20:38:50.0478 0x1840 IoQos - ok
20:38:50.0509 0x1840 [ A49E47A6E1429123F46A7CA9C05AEFC1, FFD68CA46DFAA4954FD76145808E2C74BDC34FFD6979BB3FB6A3EE4DC33CDC78 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:38:50.0572 0x1840 IpFilterDriver - ok
20:38:50.0634 0x1840 [ 8FBA61B7CB44F136226BE3B346FC6D19, 2190A523AC948B18C2C7B6DC96ABB654DAB471AD5E5E13F79899416E91777AED ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
20:38:50.0728 0x1840 iphlpsvc - ok
20:38:50.0760 0x1840 [ E0C276985AF968CE295B8E09C121321F, 07B54165E80D4254C29A6CF00CC634E70F190EF0EB8EEF73EC14F38B841087A5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:38:50.0838 0x1840 IPMIDRV - ok
20:38:50.0853 0x1840 [ 5D3744E6FDEC1A6FB3FA9B1DD4AF0694, 209BE9FC25C8BF8CE058B7E993B6A902B881380DADC69F5208733077DA7F4382 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
20:38:50.0916 0x1840 IPNAT - ok
20:38:50.0994 0x1840 [ 043A93A498B3C4A88CACA3BCBC9B54C7, C08C5A03940806C6CB75ADDCBE6183145AD2AFE84D77BC85E620E7C1542F0893 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:38:51.0041 0x1840 iPod Service - ok
20:38:51.0056 0x1840 [ B18202D72C0EF4B53CEC6F59E3E1B955, 6DA244E6485372C16CF0B38838DC90B48079A85F5D22B0F2F197C8DA37F0A293 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
20:38:51.0103 0x1840 IRENUM - ok
20:38:51.0135 0x1840 [ CD04CBCCCB4C0E4BB06B98E0F45C888A, 106B3E823C188BD14328F2BEA28559D2F637C270064B2FD214522FAC4E616F4C ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
20:38:51.0150 0x1840 isapnp - ok
20:38:51.0181 0x1840 [ 5D90E942C94B20E0F321015C0ABF3EEA, 4110551B172D4A5524DD857D7CB65FAF2594310BE7883D5641BC0DF5EF49C82C ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
20:38:51.0213 0x1840 iScsiPrt - ok
20:38:51.0228 0x1840 [ DD1F43B86AD84E53203F92FD3EF3AEB6, 9DE2BA80B315E56DF2E74EAA65F4ECB8324DFC19E30EB56EDDF08340AB100E87 ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
20:38:51.0244 0x1840 iwdbus - ok
20:38:51.0275 0x1840 [ B2AAF45E83CAFA49A34EB2F2D6D7609C, 1AE9FEE38D295F485165F2BA53F2D7CED5D9845D98F9EAC23ABF2244D3CB1D96 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:38:51.0291 0x1840 jhi_service - ok
20:38:51.0306 0x1840 [ 4192DFE6CA143C0AD8AF42C51A82BECA, 31FB3A261D0D5241CC87EF7DFF8BFC1A1EACE8CEC42138918EC5958DAEE100CD ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
20:38:51.0322 0x1840 kbdclass - ok
20:38:51.0338 0x1840 [ B63C0DB341DCB46CF7AA259333A737DD, F1B43BA68707F3F99CD31AB2035F5E86CD967AE4E5393928C69861785E960872 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
20:38:51.0385 0x1840 kbdhid - ok
20:38:51.0400 0x1840 [ 53C79A7FABDAAFD11EAB31963FB2CED7, 357418645DDCEFA5546AE78EDCAE86D50928710CA7A3F65F01CF721AADA36623 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys
20:38:51.0556 0x1840 kdnic - ok
20:38:51.0572 0x1840 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] KeyIso C:\WINDOWS\system32\lsass.exe
20:38:51.0588 0x1840 KeyIso - ok
20:38:51.0635 0x1840 [ 1E99B26BDB9B9C9BC775ED4543558560, 890870A6737B4910735D1B23F714AA73FCCD1C131D135FACBA6909F06D31B3FF ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
20:38:51.0650 0x1840 KSecDD - ok
20:38:51.0697 0x1840 [ 6198A79011C67497B324798B3D4272CE, C587F7D86837550D07918F6AACF26BF65EBAF7FF57475DC9196B4D011E83AE47 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
20:38:51.0713 0x1840 KSecPkg - ok
20:38:51.0728 0x1840 [ 503597D9B72DBD9998F722F12A51ACFC, 9B3585282191163AA70243BAD921ED8725A98454E0D3879E0F671E0E4F56AB4F ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
20:38:51.0760 0x1840 ksthunk - ok
20:38:51.0806 0x1840 [ ED5AE20C27F27F293C6C61AEC9881054, 4D5BE394D129BD559B0A9D237F3F59CB3D24C15ABDD97AE2E64931D6B9D14FF1 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
20:38:51.0900 0x1840 KtmRm - ok
20:38:51.0959 0x1840 [ C529DA0AD5A21878E318801B024AF8E7, A14E8ADCA33C37B1D256CB4926A19F56D2D19B94EDF314A4ED34A8B5AB62CA5A ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
20:38:52.0006 0x1840 LanmanServer - ok
20:38:52.0084 0x1840 [ D6D9F4CAFD3F1A7E30AD02E508552CD2, F0D225E5951CFE1D8349F634CC91BDD5B3F9DCF6233CCB965E99BFEAFE642265 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
20:38:52.0178 0x1840 LanmanWorkstation - ok
20:38:52.0225 0x1840 [ 24881F16D2829764681F5FAE7B86D7D3, 290348CFAF3165847E4B53965D22E9D417EE20FFD23293B5C1855C57E6328599 ] lfsvc C:\WINDOWS\System32\lfsvc.dll
20:38:52.0350 0x1840 lfsvc - ok
20:38:52.0365 0x1840 [ 6ED675774BDC3735AB6DA12D29F825CF, 4317C7CF491F4E806975E7A973CFF11CFEE9E94730DDABCC67C3D693691DDDE5 ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll
20:38:52.0475 0x1840 LicenseManager - ok
20:38:52.0521 0x1840 [ DB789F57CE94C827FBFF709CA5ABD29E, 4CA4DD079A63649C36F76A31C4081F11F5CF6574AC573B63EF930DB19B1D1C95 ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
20:38:52.0568 0x1840 lltdio - ok
20:38:52.0600 0x1840 [ FECBC6C4981772E5D0F517B34A5496EE, 15DB097BFB221B91E580E5CD1DD6B34A9A2C78A1A6FCE4162A855BB4AFE673E9 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
20:38:52.0646 0x1840 lltdsvc - ok
20:38:52.0678 0x1840 [ 95DD1E89A772A383E0FDC677A2E2ED44, 94701ACC1F4D5422CB7084609BC25D34A05F68829DB5030AA6697BD7DBC3B0B2 ] LMDriver C:\WINDOWS\System32\drivers\LMDriver.sys
20:38:52.0693 0x1840 LMDriver - ok
20:38:52.0725 0x1840 [ 24C87BDC66AB192FEB273BEE5FD5AA38, BFAAE1F2450DEBD1A14877C046C6EBA91014DB0B5D0FB95EC14CB714B773B3C0 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
20:38:52.0803 0x1840 lmhosts - ok
20:38:52.0881 0x1840 [ 9CA9CB0E115418F90FFC67973462280A, E3B25C360A9F5A614206B6AD07E67B2AF71D667E3CDC56BAC11F4C5AD0BACAA6 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:38:52.0912 0x1840 LMS - ok
20:38:52.0959 0x1840 [ 287979F25EBBE306F1D972643D273905, 6C62706A8CF03017F3A0D55134D02111C3E1E765EE18AD2199852E00DB3987FC ] LMSvc C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
20:38:52.0975 0x1840 LMSvc - ok
20:38:53.0021 0x1840 [ 3BB39166E446D456C277C17DFEA3DAC6, 1A08E1D017BBCE91E508D876835FA7AD2DA0859A8CFE8F8F31B4F12B48E2573D ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
20:38:53.0037 0x1840 LSI_SAS - ok
20:38:53.0053 0x1840 [ 25CF625E46307A5D6674C8DFA1A289AA, 1D00EB70B6B0157013A7C15EF194F51B8596612066EF31B337D8134D6BD0BBBE ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys
20:38:53.0068 0x1840 LSI_SAS2i - ok
20:38:53.0084 0x1840 [ 722C52B12EA4C198D56994934C9DDAB6, 5F4AB818251C770821BAF41C19B1C483A31CCC28EB96F2084D4092E33EAF906B ] LSI_SAS3i C:\WINDOWS\system32\drivers\lsi_sas3i.sys
20:38:53.0100 0x1840 LSI_SAS3i - ok
20:38:53.0115 0x1840 [ 3371FF1D5D745C3306C6A2C4E99C25A9, DD6F0099001501BAEDDF8411FBCD930BD6472662D209199249203CB2FDAA23FB ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
20:38:53.0131 0x1840 LSI_SSS - ok
20:38:53.0209 0x1840 [ E2EEF074F5260378F9AAFBCD592319A3, DC56674A08FA03FA7AF7DD8B3CC55D8324D1CB51546092A990A935FF9AB48A3C ] LSM C:\WINDOWS\System32\lsm.dll
20:38:53.0365 0x1840 LSM - ok
20:38:53.0396 0x1840 [ C692B9C0352315417CF49FFA664957A3, C2D4F9A936B809889F7C51FE48214A1923175913A6C5D0B72D3BA469214B5174 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
20:38:53.0443 0x1840 luafv - ok
20:38:53.0475 0x1840 [ 6A4C75FD28F60062FEA3DF3B15D956C0, 4FC58F3320D33BDACCF759A50C623A3E58E4320749E6691B397DF0C8EAAA8A6F ] MapsBroker C:\WINDOWS\System32\moshost.dll
20:38:53.0756 0x1840 MapsBroker - ok
20:38:53.0803 0x1840 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:38:53.0818 0x1840 MBAMProtector - ok
20:38:53.0959 0x1840 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
20:38:54.0021 0x1840 MBAMScheduler - ok
20:38:54.0068 0x1840 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
20:38:54.0115 0x1840 MBAMService - ok
20:38:54.0146 0x1840 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
20:38:54.0162 0x1840 MBAMSwissArmy - ok
20:38:54.0178 0x1840 [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
20:38:54.0193 0x1840 MBAMWebAccessControl - ok
20:38:54.0240 0x1840 [ B2ED9A7A5587A128A0EFD0DBE7662E95, 63070AAFD44E3CD2A4B262DF27222B103455A4D8C2E45914502BFA03D84D32C9 ] megasas C:\WINDOWS\system32\drivers\megasas.sys
20:38:54.0256 0x1840 megasas - ok
20:38:54.0413 0x1840 [ 083F71488E6780A67290273180256EA5, 5F43CE66F5A48850BABB70F4D219FDD002F9BC2B2F0E58E66FE2C492AA335E50 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
20:38:54.0459 0x1840 megasr - ok
20:38:54.0522 0x1840 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
20:38:54.0522 0x1840 MEIx64 - ok
20:38:54.0694 0x1840 [ 5907A10D46747A2B6DBFD6A198254DC2, 6C283E9DC75C7ABFD270D6FABBF4F54628A1786E7CE2F603BF664CBB9E4FE583 ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys
20:38:54.0725 0x1840 mlx4_bus - ok
20:38:54.0772 0x1840 [ 91ED6F0EDF4158D63C52194F17D4F42E, ACF543978E253650C167C6C370699AEA7340EBCECF7CAB904CBDD334D1BD6928 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys
20:38:54.0928 0x1840 MMCSS - ok
20:38:54.0944 0x1840 [ 2C4CC9F6ADBED5A6D131FDB97A78FF68, 04DC76E3F0959C0A9B00DF2133B075194FB7DCBD76832B9D25B0E37223D300DC ] Modem C:\WINDOWS\system32\drivers\modem.sys
20:38:55.0006 0x1840 Modem - ok
20:38:55.0022 0x1840 [ D8DB13529C8AD6FBAF8E2F382024374F, 13025035C479E2EF76EDCB90D83BE65B4ADD9F7000AD31FEAD628D5DDFE69158 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
20:38:55.0194 0x1840 monitor - ok
20:38:55.0241 0x1840 [ 2DAAF1EE1C30F2FCF59851A64ADA0422, 08CD801E63E2862DE058CD732C3DB3D87B1A2898732365440E3F8919932E96FC ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
20:38:55.0272 0x1840 mouclass - ok
20:38:55.0288 0x1840 [ D30FE074503283829ED194BCAE6239C3, A3A127381ECC798417D01F6B8A1894EED7D71989047BC4D1D74D0E7C8394AD65 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
20:38:55.0319 0x1840 mouhid - ok
20:38:55.0366 0x1840 [ D5EC9413527B286CFEEB0294C53ABB95, B094C611F5A7E33D2F8667B2A4D6260E1D57BD135867F984EE5B674C7EE72B95 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
20:38:55.0397 0x1840 mountmgr - ok
20:38:55.0444 0x1840 [ C34AB4280614658903BE848CE79ACDB5, 9A943D9B3CF941DAE4EA4E2771B5EC5DA37AB16AD43095EF092B4259D62FF810 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:38:55.0460 0x1840 MozillaMaintenance - ok
20:38:55.0522 0x1840 [ 989A1BBD9C49B107B4A47D06E6827A69, 62D90B22AE13AC84324DFD5FEBA595813AD07469B7FEC41380CE223D93020CCA ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
20:38:55.0647 0x1840 mpsdrv - ok
20:38:55.0710 0x1840 [ A0DBB9386BEA8DA1A159C2A2E07081A3, 9D3F26005A76A72F9512F040D45C16124D17F8C8DA45C51FFAF74F066357D0A4 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
20:38:55.0897 0x1840 MpsSvc - ok
20:38:55.0928 0x1840 [ C1E74DD1D84861D8F12FF8BC0BA11975, 5912A0455C840F5C8AD6383823C9C7DE6FF8B5CAF1B72EA181864999891EAF30 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
20:38:55.0975 0x1840 MRxDAV - ok
20:38:56.0051 0x1840 [ 1DF2C5FD2710A13B07E663A12F0E0EEA, 8EBCA9269F52A5CF602F5DE2B0C2AB2BFD82F415465DBB74C73D43F321D9FD46 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:38:56.0112 0x1840 mrxsmb - ok
20:38:56.0139 0x1840 [ 185932B1149BD707F8A13174CDAB365B, BC26CB10DD6E81A94477564444E91F76D47E685E897BD77B9C1393F0D31AB718 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
20:38:56.0251 0x1840 mrxsmb10 - ok
20:38:56.0273 0x1840 [ 99E24D4DBACBC569833B9A67710D65E7, 93BC765E7B6E19E83AFF783DE8080A80A1D69A406B496F1E36C47AE6E86AFB76 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
20:38:56.0317 0x1840 mrxsmb20 - ok
20:38:56.0363 0x1840 [ 6F8BE4FB6262012E61BBADB5444628DC, E87489207AA48106C08E4BADDD8D66D14BC9DD6AD2A4CDD880BA655932CDDE60 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
20:38:56.0412 0x1840 MsBridge - ok
20:38:56.0460 0x1840 [ 283BDF3602F442336DAF242BDD07FB98, 185F046B6AA24FFD1567F00AA70357C82002FF627E329CEF9B926645A6DDB172 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:38:56.0508 0x1840 MSDTC - ok
20:38:56.0540 0x1840 [ 7C55F1751CAC199680D4489D1EE46544, 967EC8137D321F6139C3382D19A338FD97A3023EB654747AC57C2008BE4AF677 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:38:56.0555 0x1840 Msfs - ok
20:38:56.0587 0x1840 [ 988588C16A53C2581488C15FF18934BF, F021FD31163CB5C7012CF96EF642C5E551708C835039075268F4CBED002D441D ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:38:56.0618 0x1840 msgpiowin32 - ok
20:38:56.0633 0x1840 [ 09622DBC24D0178F15DB8461BB6970DF, C0B3F9B2219AAF87E417EE9FF54C64B8AD9944E101EA79B5DC81D99E8C2ECF30 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
20:38:56.0665 0x1840 mshidkmdf - ok
20:38:56.0696 0x1840 [ 34BB07495C0159BE4189841E16F3BC2F, 264B5735D9A68C85BEDE363D4C0AE1FCC381B39EA884B4BAEE185EB8A873184A ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
20:38:56.0723 0x1840 mshidumdf - ok
20:38:56.0742 0x1840 [ 7BF3F0DA362C053918F5F2EC43CE39E2, AA773FA3F83C0C572160D3D0286A697DC628FF4F3655EF21D01C6D1B7BE5DF1C ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
20:38:56.0762 0x1840 msisadrv - ok
20:38:56.0804 0x1840 [ 669DA2006C0B9D882D2014617E1E88F5, 090F558818806CAEF6C81D369F8BFFE4A8240295EF37CAA7102A18F4CD20D868 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
20:38:56.0837 0x1840 MSiSCSI - ok
20:38:56.0842 0x1840 msiserver - ok
20:38:56.0857 0x1840 [ B2D0FD21FE67D6434769CC6F7A7883CA, B2368BD72952C6EE6DAF1AA006DF575A3019E4721BEFB108D3DF1B9E07B2BC5D ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:38:56.0901 0x1840 MSKSSRV - ok
20:38:56.0928 0x1840 [ FB3801F176376286A3F8F20FFB8CDC53, EEF89081665B9BBA93AE9F5912C40C1698E8BA8DBBCCC3BBE0BAB5A86B7E05D4 ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
20:38:56.0973 0x1840 MsLldp - ok
20:38:56.0992 0x1840 [ 8CBDF0E7A6CD824352F37A682A33DF7E, 4567FF4C73648FF26EA68EAE2B524B767099789086C158875C97768C77B81359 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:38:57.0012 0x1840 MSPCLOCK - ok
20:38:57.0033 0x1840 [ 33E5B6261D69ACD4948A5C64B9D8F29F, 1D32340640312372E52E59AFB5DB872E6F9DFE3AC16B56F9D928AE230DA02B8A ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:38:57.0060 0x1840 MSPQM - ok
20:38:57.0092 0x1840 [ 557DF8C0DBBBF518AC395C6EB1B179AE, B294B5A7882C0C60D91FB853FC87505B6E7638D25E360FDAE002AEBB714ED471 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
20:38:57.0120 0x1840 MsRPC - ok
20:38:57.0139 0x1840 [ 0A29AFA668F5DD50482A98ECE70C77A7, 4C1F23B062361D97B1C8D864AB227E5F398F774A99B5E60A1149A4F78D5BEC20 ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
20:38:57.0156 0x1840 mssmbios - ok
20:38:57.0177 0x1840 [ 30CE30877FD5BFADE74FA27D7829BF89, B5EA1F8C91E75722DB1E3E2172C8607FEDBF35BDC4141258A3E6D29D8B0E193B ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:38:57.0209 0x1840 MSTEE - ok
20:38:57.0225 0x1840 [ 13D88C0B8A2FA001CD72D454955A6974, 19DD5C8BBD07B64F355737436BF702FFC209D84A8855D2224D3377E233D4BB34 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
20:38:57.0256 0x1840 MTConfig - ok
20:38:57.0287 0x1840 [ 00C7F0F06A0A48B9CDB6B3AC3BE288F0, BF469A2DDF495ACB9FEE9063C6680C95BCC8686682C9EDAE6D1893D4058E8AA6 ] Mup C:\WINDOWS\system32\Drivers\mup.sys
20:38:57.0303 0x1840 Mup - ok
20:38:57.0319 0x1840 [ 8E237527CA260C71D39ED4081BDF3419, CA52DD174C756A404B1FAD3F2A70E50085C2820BF12369259F61DA649101A179 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
20:38:57.0350 0x1840 mvumis - ok
20:38:57.0413 0x1840 [ 684D9033C3DF1727DD36C6464533176D, BD0EE7F922A493528FC705CE30BF59B1E0743A913A05D811FFA6590DD356718E ] NanoServiceMain C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
20:38:57.0429 0x1840 NanoServiceMain - ok
20:38:57.0491 0x1840 [ 48D0587A8302FD3302CFE6F59F7345B0, 26D48AF3F7FF4867E179347CD635055DEA9A751C6C61CE2C391A7F74FC0DC1DE ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
20:38:57.0804 0x1840 NativeWifiP - ok
20:38:57.0882 0x1840 [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe
20:38:57.0913 0x1840 NAUpdate - ok
20:38:57.0960 0x1840 [ 11BE8117653C542D264788A700AC5BFE, 87EAAC2DF62BB26619DA72950F5EE41DCA1DBDF93F098647F9D200D588F14003 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
20:38:58.0069 0x1840 NcaSvc - ok
20:38:58.0085 0x1840 [ 286C6276B2BA86F29A0F687D05466277, AC8551536F37717A0ACE4A260F5696D1276F7AC62F669E8F12AA158DD86F71A5 ] NcbService C:\WINDOWS\System32\ncbservice.dll
20:38:58.0210 0x1840 NcbService - ok
20:38:58.0241 0x1840 [ C55DA734ED2A831E0BACAAFA01CEB7FF, 9D989B03D07BBAD287B317D238691664B0694331D6A69B7A1AA3D8AB7D1323FC ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
20:38:58.0351 0x1840 NcdAutoSetup - ok
20:38:58.0366 0x1840 [ CF8296427834CF8BBB3EE1444C17362D, 6EFBE1F015DFFA0704C66DF5C88089DD5771E1542018E4AE98389CFF3D0B2309 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys
20:38:58.0382 0x1840 ndfltr - ok
20:38:58.0444 0x1840 [ 616F40B897DA651221F86A1741E9609B, 22D66029726313D92FC8E074BCC51C1E1560CB5FE36DCB735E7E063EA53E299A ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
20:38:58.0507 0x1840 NDIS - ok
20:38:58.0522 0x1840 [ A0719D1EBA971DFC5DF5F7CC010385F8, A982487D3A74E66F3C29AAA5B46CE9A0969F07F267DDEFE58C58573573AB0024 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
20:38:58.0616 0x1840 NdisCap - ok
20:38:58.0632 0x1840 [ 0C557932CCCC65AEB37326DD36504527, C0AF3066DEE4BCC32DB30CCC16B7A91442A8383BB36C7C4E3CC0A5EFE0FAAA9B ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys
20:38:58.0679 0x1840 NdisImPlatform - ok
20:38:58.0694 0x1840 [ 56F9345D1945826135FBAB7589592B1F, 6BC2A5900076B917823C7392C582A2648D0C8000F2F65D309D5B48E36D4FB4D6 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:38:58.0726 0x1840 NdisTapi - ok
20:38:58.0741 0x1840 [ AADFC340939D99E5D756E713E1D452EB, EFEFDBB2188DE82C2C5E67929861B269FD4C127D34D1DE6D0596ABC33E2C2B51 ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys
20:38:58.0772 0x1840 Ndisuio - ok
20:38:58.0788 0x1840 [ 312DFD787D99D3BF1427B0388BC04F71, C082CA1F332AD57FF2100748518D3D7B3D0F1B042F69BD7401C44B77AFE97462 ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
20:38:58.0819 0x1840 NdisVirtualBus - ok
20:38:58.0835 0x1840 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys
20:38:58.0882 0x1840 NdisWan - ok
20:38:58.0913 0x1840 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:38:58.0944 0x1840 ndiswanlegacy - ok
20:38:58.0991 0x1840 [ 6E98F16983C4AE8703FF9F90AB4B31DD, BB8BD5DB4B5FB31F3A257747C27CBEFA4B7837EC5C0CF3D4F408E626E4003F4C ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys
20:38:59.0022 0x1840 ndproxy - ok
20:38:59.0069 0x1840 [ F1B7CC77F412C8D45B2DDCF76EDA4F9D, 25F2AA76E675D9BCC0B1FD47AFEC6DF2D0B47E7B1C8AF6FB27C1ED2FB902961A ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
20:38:59.0163 0x1840 Ndu - ok
20:38:59.0194 0x1840 [ 824FDC990A3F79069BE468A132EB6888, D09F7A9EC04E37DA504CE54EEC25C312B407B6A8B214CBB074BEB50DE420F52A ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys
20:38:59.0210 0x1840 NetBIOS - ok
20:38:59.0241 0x1840 [ F0D791348AD254360CC3C3E501CCB745, E4CAB4D3C2CD3169731283B00DEBFE26438BB66A3F0D78BDB68E876A14FC7070 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:38:59.0304 0x1840 NetBT - ok
20:38:59.0319 0x1840 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:38:59.0335 0x1840 Netlogon - ok
20:38:59.0382 0x1840 [ 7C8A7380CBE45DFD3DF118D8601499A7, C137280B7696F8CF4258BDC8B241C66BB3AA5708C5410D85255E46C7E8284826 ] Netman C:\WINDOWS\System32\netman.dll
20:38:59.0429 0x1840 Netman - ok
20:38:59.0476 0x1840 [ BBE9D72EFC7BD66B28309C3607683DBA, FC372EFBC650CE0BDB117858D840A1FB361947B1C67D1DD16BABA95D0286856A ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
20:38:59.0554 0x1840 netprofm - ok
20:38:59.0585 0x1840 [ 5D046D71B18BEFB2E4D164C3DEEDD672, 536834D020889973854830919B23DF22CC1B27236AFAEDEBDF42D432CE48FCDE ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll
20:38:59.0820 0x1840 NetSetupSvc - ok
20:38:59.0867 0x1840 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:38:59.0929 0x1840 NetTcpPortSharing - ok
20:38:59.0960 0x1840 [ 46E862DA2CF8F351375EF537276B69B5, AC0FE0977E56380849DCE668AC0F5AF183AAB115ED84ADD964E390CC0BEDF6D3 ] netvsc C:\WINDOWS\System32\drivers\netvsc.sys
20:38:59.0992 0x1840 netvsc - ok
20:39:00.0085 0x1840 [ 88CE4AC85F36B6347C1D820FA373B998, E10B5DF8883928A2062FC6180DE4CF0DE33C68622C2E3E4E1AFC56A0682F8E75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll
20:39:00.0179 0x1840 NgcCtnrSvc - ok
20:39:00.0195 0x1840 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] NgcSvc C:\WINDOWS\system32\lsass.exe
20:39:00.0210 0x1840 NgcSvc - ok
20:39:00.0288 0x1840 [ EA1C2DAB8A63712B94897A58557B086C, 98DD7E5C84F3CDF2DAA89484892D6B439F5D14297B5243436925BEEAA0C02EE1 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
20:39:00.0460 0x1840 NlaSvc - ok
20:39:00.0492 0x1840 [ 49187521F6CD3719898F22D32BF6FE14, A248D75B3C8DE2C90C408B82FCBBE0D5623CAC9526A188EE9A4CE44C191BE308 ] NNSALPC C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys
20:39:00.0507 0x1840 NNSALPC - ok
20:39:00.0538 0x1840 [ 944E0EB604FDC54C14FDEC74EB394BD2, 8CF7D61FE5E27504CAE75EE1F0FF9EC3D2161F48DD2FFC0823FC1B512CE463CD ] NNSHTTP C:\WINDOWS\system32\DRIVERS\NNSHttp.sys
20:39:00.0554 0x1840 NNSHTTP - ok
20:39:00.0570 0x1840 [ 66A53D468BD466DF2FC43E02655341AF, 1CA0DE465414B5E0F1774C79226FCBD984FCA91074E4195FA97244A2882E5F6F ] NNSHTTPS C:\WINDOWS\system32\DRIVERS\NNSHttps.sys
20:39:00.0585 0x1840 NNSHTTPS - ok
20:39:00.0601 0x1840 [ 58208570B63593A511BAA7C54040862F, 43DA12D2312C24F00C5D38BF85A774B8DD8E149AD0085017374D29BD8379189D ] NNSIDS C:\WINDOWS\system32\DRIVERS\NNSIds.sys
20:39:00.0601 0x1840 NNSIDS - ok
20:39:00.0663 0x1840 [ 85ACBE5BA9DB4F18352D73FACBF79B9B, 0CE8DD2F8A219A266B0DBD29317B78ED48729D79A4E8CA46235B842399259F87 ] NNSNAHSL C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys
20:39:00.0679 0x1840 NNSNAHSL - ok
20:39:00.0695 0x1840 [ 99697751DE64A3D7CA4306120D6CC87A, C623ADF8BFD6D278B1065B8CA999A336A52ED4BBBE261B7EC0C6D382C25F73B7 ] NNSPICC C:\WINDOWS\system32\DRIVERS\NNSPicc.sys
20:39:00.0710 0x1840 NNSPICC - ok
20:39:00.0742 0x1840 [ 7F640E0EA360A3F6EE86F74813FEFC24, 12D09A9229AF484F23FFC7DAFD4BC44EC421B13F694E98B57CD3015BD0CD8A60 ] NNSPIHSW C:\WINDOWS\system32\DRIVERS\NNSPihsw.sys
20:39:00.0742 0x1840 NNSPIHSW - ok
20:39:00.0788 0x1840 [ 163E56A6A4D85F8AD744C69C1C9E73BB, 36BAE9773D3608D246A033E1050492BE4B95DD3D4E983679B4C2208F83FE5772 ] NNSPOP3 C:\WINDOWS\system32\DRIVERS\NNSPop3.sys
20:39:00.0788 0x1840 NNSPOP3 - ok
20:39:00.0882 0x1840 [ 879B319D73A7D590978A7221FF718A7E, 8128000477720E37ADFC39B548342CEE794930416F874CC4B80F68D68C64CFEE ] NNSPROT C:\WINDOWS\system32\DRIVERS\NNSProt.sys
20:39:00.0913 0x1840 NNSPROT - ok
20:39:00.0929 0x1840 [ 71B34C94305109929814D5B272562279, D4F71523D5A716B94F0FBCD70FD8C53692129A463646992364CDFB9C22BD6BFE ] NNSPRV C:\WINDOWS\system32\DRIVERS\NNSPrv.sys
20:39:00.0945 0x1840 NNSPRV - ok
20:39:00.0960 0x1840 [ F7C11C9BFE13CCEE4C96760D437AD7AE, A66FD750B16DBF29757805B9168C4BBC1ED0E6C75A04A8F7BD8EDFB86084F575 ] NNSSMTP C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys
20:39:00.0976 0x1840 NNSSMTP - ok
20:39:00.0992 0x1840 [ 73932C39B0117344CC9AEED5B8653F36, E135BD6D6D98D4B0FF540170403233155A3C0F4A08A694E33EAF8EF1E61627B9 ] NNSSTRM C:\WINDOWS\system32\DRIVERS\NNSStrm.sys
20:39:01.0023 0x1840 NNSSTRM - ok
20:39:01.0038 0x1840 [ D5F2661EB8D3027070EB630D3CA2DD86, 8999955CF5C16703BF2606DB4B8028F35429761E5FACE16E31C4FC9189FCAFBB ] NNSTLSC C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys
20:39:01.0054 0x1840 NNSTLSC - ok
20:39:01.0195 0x1840 [ 9B70CE32DD84A674B100BEA37F756016, 4B52FDA1FB24B02AE149AC70F46F3605B85A2A8AC5B948260BF53A5F076A674A ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
20:39:01.0320 0x1840 NOBU - ok
20:39:01.0351 0x1840 [ 41557BE174E9EC6AC703A8A4ADBC6650, 8CF6DF3FDC3C7C44B32851538A67BF86A54AB6444A424D7A20B7A9A94B4158D8 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:39:01.0383 0x1840 Npfs - ok
20:39:01.0414 0x1840 [ AC3F70FCFBCE97AA2F12BA43EE13B86E, D0AC50FB022C0F3031531CEE210D47FC3244C6FB55FAAD4AAB04081F0A21DAE4 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
20:39:01.0555 0x1840 npsvctrig - ok
20:39:01.0602 0x1840 [ 0AF4872D3D6FD3A030E836DAC2B3EF2D, 03EE7B6FAFC0BB5C26793BC5FF8BD1019AC96B3104688009C1E062C3F4F34D6D ] nsi C:\WINDOWS\system32\nsisvc.dll
20:39:01.0680 0x1840 nsi - ok
20:39:01.0680 0x1840 [ 66A98C407085B8920DF1E6D722F1ADB8, 3FE307E4A9E41B08E0453507E50D6D0C67FA6F4245A863D90181463C749C83B5 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
20:39:01.0727 0x1840 nsiproxy - ok
20:39:01.0821 0x1840 [ 466EC5659C02ED53DBD47DC1BC2B8086, 1F35DE75386F7D029C01D67B09D5E5157141C6892858885C11972CE73D6078AC ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys
20:39:01.0914 0x1840 NTFS - ok
20:39:01.0961 0x1840 [ 383E546EF4982262A0EF6CC2B6E9D525, 3C6C90B62E8EB094E6928C388E5081A3F73DF87B0F34F716B72EA7B6EF71FBB7 ] Null C:\WINDOWS\system32\drivers\Null.sys
20:39:01.0977 0x1840 Null - ok
20:39:02.0008 0x1840 [ 466F875F1D4C6ABB46AF28007009237C, 26F5A5579737A7CF2267F79DDE5A551149C682D5FD24663B53FCEC5AA6B448CE ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
20:39:02.0024 0x1840 nvraid - ok
20:39:02.0039 0x1840 [ 76F19EAE7A52CBAF7B8EC428BE6E0DA0, CF1E55D92FA32744A20AB75D466A3E05E6FACF4694F9265C41F5C27C1E7243DC ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
20:39:02.0055 0x1840 nvstor - ok
20:39:02.0086 0x1840 [ 0D0CB77D74B38E0EC62341C19E469D8D, A05D3CC67FEEB2FD219BFAA34BF98CB3F3718042124AF28F0E9FDFB9F132DD76 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
20:39:02.0102 0x1840 nv_agp - ok
20:39:02.0164 0x1840 [ EA3FFE8617B9FCA1620AD9876E92F4F1, 68D5143CA71D10A2BB44E29B3C76580596669D0624076BCF6CCBA7AF3140538E ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll
20:39:02.0242 0x1840 OneSyncSvc - ok
20:39:02.0352 0x1840 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:39:02.0383 0x1840 ose - ok
20:39:02.0664 0x1840 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:39:02.0805 0x1840 osppsvc - ok
20:39:02.0852 0x1840 [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
20:39:02.0977 0x1840 p2pimsvc - ok
20:39:03.0039 0x1840 [ 3612CE3432E0A2BE0081E6B488ACF84C, F1A641735FD374CA293FB98FADA2C41E2033B17FECCA3B6D225D0E591AFFF413 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
20:39:03.0086 0x1840 p2psvc - ok
20:39:03.0164 0x1840 [ 742FC7886B2F155317723F1D6B045F94, BCB0DC50A64423973694DD35A270C6C9F4BB5A0A0819ECA0287B8BB9458DB137 ] PandaAgent C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
20:39:03.0180 0x1840 PandaAgent - ok
20:39:03.0196 0x1840 [ 38F1AE32339731F6E5A7281AE8042545, 308954518C45D29FC199525F0CC7FE4EA805322EC0B871DDDCBEEC15355514C8 ] Parport C:\WINDOWS\System32\drivers\parport.sys
20:39:03.0243 0x1840 Parport - ok
20:39:03.0274 0x1840 [ 707889D2F95AAE8C9DD254D8767AD908, BE7BD94728D7629F8B7567523FFB42B8979941CEA2EA03E11BFCD51CF119FC27 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
20:39:03.0289 0x1840 partmgr - ok
20:39:03.0321 0x1840 [ A09B0D8F9F0FC17EBCE6481AC9FD5CDF, 8E8D68992D98CF3DBC4B70C7902B3EC28A1E2DA8D4DB38F0AD9D52B1A5A1D40F ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
20:39:03.0352 0x1840 PcaSvc - ok
20:39:03.0415 0x1840 [ 2834089EA4E550FF3B96E61FB4AA34ED, D25DAB47F9778675E984E0738D2014024C2758D52D7E071167A12FF466B7898E ] pci C:\WINDOWS\system32\drivers\pci.sys
20:39:03.0431 0x1840 pci - ok
20:39:03.0477 0x1840 [ 3D587E4295B11B8480F7ACB09A89D718, 8C3BD62B3451E1B2E7197EDAE381785406DF86C03BEEC486602C642FDD37DBC1 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
20:39:03.0509 0x1840 pciide - ok
20:39:03.0540 0x1840 [ B8F07002B5F1DA23CFF979C2806B09F3, AD5C589A02BB8185AA070420BF30E78BC8BE3C6F9B0F66319A8CA05B70A5ED32 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
20:39:03.0556 0x1840 pcmcia - ok
20:39:03.0571 0x1840 [ FF588077D0C6AC2EA3FCBF1903CE08D0, 64BE1646FB6D8CC902B6F386255F7C0420E3C334E14DECD527DD541B43A1DCD6 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
20:39:03.0587 0x1840 pcw - ok
20:39:03.0618 0x1840 [ 70469C8AC4AD367295E70CFDD81B754C, 3EC6FD742C7C60363939E5343477810D751D91D32A2F24285976C08A7C4477AB ] pdc C:\WINDOWS\system32\drivers\pdc.sys
20:39:03.0649 0x1840 pdc - ok
20:39:03.0665 0x1840 [ 688F47C342E1BBC87A48AB71D316233E, CE99AB67C7E7A11AC69C2F4513AEBDACA385BA7F8CC49BE6313CE04ED404A0E7 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
20:39:03.0759 0x1840 PEAUTH - ok
20:39:03.0790 0x1840 [ 189265498945593D5256CFF7FEBB9665, 9CB88CC3C726BFE6EDCE8D9E4544306AACD3FB9E969E3A438D9FD533F25C1281 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
20:39:03.0806 0x1840 percsas2i - ok
20:39:03.0806 0x1840 [ 9B86965114F6831A5130EFE6657B17D9, 4C5B657DB9A9F96BFD3EAFA756ED60D911EB58857C439F5FA6E495A473ED1145 ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
20:39:03.0821 0x1840 percsas3i - ok
20:39:03.0915 0x1840 [ 8A5A52C855FB5BFEF019AE9938AEA8AE, 77CB8A09B209DB5895319BA9D073A67148926E22C47836343050DFC178AFAEEE ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
20:39:04.0040 0x1840 PerfHost - ok
20:39:04.0118 0x1840 [ 839BD56425530973FF3F6F7C0057CD22, 9BADF39BC4628409CFCD5F1300C6040C49B2ED72D0FA389C6BB042E5B17E1A40 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
20:39:04.0259 0x1840 PimIndexMaintenanceSvc - ok
20:39:04.0337 0x1840 [ 82FDEC2A262728F62F2111A84CC04B16, A1FCE38D4F55F10BB9B3BFB7D9E3EF7C27D499D9C8882218C8A9A73487798188 ] pla C:\WINDOWS\system32\pla.dll
20:39:04.0462 0x1840 pla - ok
20:39:04.0493 0x1840 [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
20:39:04.0524 0x1840 PlugPlay - ok
20:39:04.0540 0x1840 [ F1E9C35A8DFD4D64382CFB9019A950F9, 24E0381C6909F9876D6DC4697DC6405FE18DF91531891B2CCA6DB0191B9C6DF4 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
20:39:04.0618 0x1840 PNRPAutoReg - ok
20:39:04.0696 0x1840 [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
20:39:04.0759 0x1840 PNRPsvc - ok
20:39:04.0821 0x1840 [ 62C0BD179961132EF2C5B952210C11F5, 2473FBB3619D0DDA229D4BEC30CEFE7497C27ED3844A5B7655F6F2D328FEAF61 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
20:39:04.0884 0x1840 PolicyAgent - ok
20:39:04.0915 0x1840 [ 6390391EDFC43DD11CE9E6AADCAC20EA, C8BC222FFBB9E47489D16BB5248E0E2E594011C46CFF71F5DBCC4D5CC6788098 ] Power C:\WINDOWS\system32\umpo.dll
20:39:04.0946 0x1840 Power - ok
20:39:04.0993 0x1840 [ 1433EB7908E5E1E20FFD50E4126C3484, 34D81680C8F2F2C5892FC0E0A6DFCBB241AFF493267A1FE182ED28AE9F712456 ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys
20:39:05.0024 0x1840 PptpMiniport - ok
20:39:05.0212 0x1840 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:39:05.0518 0x1840 PrintNotify - ok
20:39:05.0564 0x1840 [ 22DE54C3974E4FD98F61D095C22C59B7, 64E78D6DEC4A28ABB0A23F2CF078459D81796EC79235AE45976ABB4F72B1D1E6 ] Processor C:\WINDOWS\System32\drivers\processr.sys
20:39:05.0602 0x1840 Processor - ok
20:39:05.0640 0x1840 [ 27D0B024BB356C6BEB1214B61E47DE02, 8CBDD62E243CC652F2197AE83DEDD21D91D2792558A6D7D1CC680B37607DEF4B ] ProfSvc C:\WINDOWS\system32\profsvc.dll
20:39:05.0702 0x1840 ProfSvc - ok
20:39:05.0741 0x1840 [ EDD52C352CBAAAD13FD7BD5DCEA309B3, EC7D294B23FD5C309E5C4C455896937B85DC615E1B36C9F8F3BDC90E75EBF9CF ] Psched C:\WINDOWS\system32\drivers\pacer.sys
20:39:05.0770 0x1840 Psched - ok
20:39:05.0829 0x1840 [ 7634AD77547B9B3E6C772956CBCF15CF, DBE1A1637BD737443DB090E6401594941E328C5E831DA2005921504596D10944 ] PSINAflt C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
20:39:05.0847 0x1840 PSINAflt - ok
20:39:05.0861 0x1840 [ 7D2D3E766EEB6F234931D46B99BDBF75, 38285365D350FBD3CF6C7A277FFEC9B2322E0BD25460A535802E84703115D1A4 ] PSINFile C:\WINDOWS\system32\DRIVERS\PSINFile.sys
20:39:05.0877 0x1840 PSINFile - ok
20:39:05.0898 0x1840 [ DB31C96C3A95E42366F9C4552F262A9C, E441505B70004376903BE7F41D7A84D79EFD6D6B7259F38A810B0EFD4065A068 ] PSINKNC C:\WINDOWS\system32\DRIVERS\psinknc.sys
20:39:05.0907 0x1840 PSINKNC - ok
20:39:05.0923 0x1840 [ 4A8D1170BB6ED097CAC6802CF6D8BB96, DF925F89E05E7CF19ADCF1909CCDE220285286D7BD5836F19DDFF4937DCF9263 ] PSINProc C:\WINDOWS\system32\DRIVERS\PSINProc.sys
20:39:05.0939 0x1840 PSINProc - ok
20:39:05.0954 0x1840 [ DC0689626D73EDDBF2C5C9EE3FD5F43D, 805900441A405DED77B00A2A5EA7ACDCD7F0842C8C21DA721B375B710811D98F ] PSINProt C:\WINDOWS\system32\DRIVERS\PSINProt.sys
20:39:05.0970 0x1840 PSINProt - ok
20:39:06.0001 0x1840 [ 8654C41241D78E82A7ED06CB93979578, 2AA77192D47B26092CAA7D97A37831CF131B4EF31F2928595DEA5C04C4B3F534 ] PSINReg C:\WINDOWS\system32\DRIVERS\PSINReg.sys
20:39:06.0001 0x1840 PSINReg - ok
20:39:06.0032 0x1840 [ F29E7E36F8A8A7BAC112327E842FF0B5, 41045499589E59C6448F09D162286A3EF7EA7600F0FE98CB560FAC95187C7E9C ] PSKMAD C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
20:39:06.0048 0x1840 PSKMAD - ok
20:39:06.0110 0x1840 [ EC01F4C59EEA2DDB6090F200FA493985, C93B8D80A2B401DAA75C13645F657451CE1D5899011A9CD1BD92E00570D1D035 ] PSUAService C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
20:39:06.0126 0x1840 PSUAService - ok
20:39:06.0157 0x1840 [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64 C:\WINDOWS\system32\drivers\PxHlpa64.sys
20:39:06.0173 0x1840 PxHlpa64 - ok
20:39:06.0204 0x1840 [ A5B22EACF1DA28E19CC9F80D37978657, 9543615574D540AC825DBE8D1581DFC8CC0B7A1113420903F6747E3789EEACDA ] QRDCIO C:\WINDOWS\System32\drivers\QRDCIO.sys
20:39:06.0267 0x1840 QRDCIO - ok
20:39:06.0323 0x1840 [ DD3FF2053356D11C785999BBC633F3E0, E9A5B7C657F4523E5DEF7AEE7ECFCC94E911FC65F1D491BEF01239F357B8D8E0 ] QWAVE C:\WINDOWS\system32\qwave.dll
20:39:06.0427 0x1840 QWAVE - ok
20:39:06.0473 0x1840 [ 51590F442C6E5D43244BA30DDB0CE79D, 9C7FD0A19753C13FD4A27EBFD60703A2414D5A2F6F451F0B32769C8D7C953980 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
20:39:06.0495 0x1840 QWAVEdrv - ok
20:39:06.0534 0x1840 [ E94067155C8AA4EF134CB2528E0C9CD7, 6EEF603F64827AB138930DFE379BF8E48E64AE8AA5EE7B9E0CA369022BAAA2EA ] RadioShim C:\WINDOWS\System32\drivers\RadioShim.sys
20:39:06.0544 0x1840 RadioShim - ok
20:39:06.0582 0x1840 [ E951E70019865B06126AF850BCCA2026, C590DE38C7603149AFA0271D57EEBAF956F18F50584FCF04BC2C8D8CEC5C5932 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:39:06.0627 0x1840 RasAcd - ok
20:39:06.0663 0x1840 [ 0BF8607133AE264BC3C41A5BAA5FFB7B, 9A4F6AC6013AB5C2A99BCFC2CCF161DD225DE8D85D61579655ADBF04A4383A61 ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys
20:39:06.0709 0x1840 RasAgileVpn - ok
20:39:06.0750 0x1840 [ FE0976379F9E7DB6F7945FCEB88C7E29, BA331CE55C02E86478714DA87FAC547B50D53BC7D02BCA5A64D484DED44BFAA5 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:39:06.0802 0x1840 RasAuto - ok
20:39:06.0831 0x1840 [ CA60F6C03611AF1710BC903ED9F566FB, B5C9E8BAC631738761E11168AB68EB1ECC5EC96BF9A8248B9127DCF744CA4691 ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys
20:39:06.0879 0x1840 Rasl2tp - ok
20:39:07.0004 0x1840 [ 586A17C10D417D889F1FF7D8636E2F34, EEDA4EE8D2BC5C8C7756AB79F1F19AF8B1C4057996748FAE4E3F37844DB0EB33 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:39:07.0111 0x1840 RasMan - ok
20:39:07.0133 0x1840 [ E5FA41160F5A3D78D8F7765E5C5F6BB0, 31BA423FFFC3206717DC34B482149421EE28B27A4A3BA2DC78C3B3A9EE0C1365 ] RasPppoe C:\WINDOWS\System32\drivers\raspppoe.sys
20:39:07.0170 0x1840 RasPppoe - ok
20:39:07.0195 0x1840 [ DF0834AE921E633E05D1FDC55C318957, 851A00961224DACBEF9DA427122F6B4B73BB99849D5ECB55DBBD311B2EA84C33 ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys
20:39:07.0223 0x1840 RasSstp - ok
20:39:07.0254 0x1840 [ FC9B7AC6E2B837EF7CD6C64F7068D41D, 9B0DD842033E82BC7EE80416A62B084BF5200923EB7A6C80415BB28004E9B5E3 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:39:07.0317 0x1840 rdbss - ok
20:39:07.0348 0x1840 [ FB7375657F8A5932C35EAA45E9B4B416, 99594708BFD6DC9F8CECBF092058D4D0D4F1BC3204E86F9FDAD5207ED5ECF194 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
20:39:07.0483 0x1840 rdpbus - ok
20:39:07.0508 0x1840 [ A32AED8C644734B283A7C9D08D76064D, A12F67C57E43B6A2FE6449EA3822B1108FE70C66AF9911798777F85D760E384C ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
20:39:07.0553 0x1840 RDPDR - ok
20:39:07.0585 0x1840 [ 37CC7E41243EFBB4FBC0510E5CA32A02, 634E2F81D61F937F30E5ECE01FB581E090C6DA073EF7B1A3F6083ECAF363CB46 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:39:07.0602 0x1840 RdpVideoMiniport - ok
20:39:07.0655 0x1840 [ DAF957B25A35757E9D814611FAE8FE3B, 5244A427B2DEB5349B9F336A4A39A6834A6E8118A8EDA00738C6CE09F2452C24 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
20:39:07.0679 0x1840 rdyboost - ok
20:39:07.0749 0x1840 [ 2C72E029C153D25325CA182A669E4ADE, 5CE0E04A6B53A1F11E8159DFD1E59F2AE6631E3B5BD27BAAEC4A35BC02A55722 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys
20:39:07.0811 0x1840 ReFSv1 - ok
20:39:07.0863 0x1840 [ BABEE4A896D005BD0D205F1C932DA25E, 269FDF65BE3A226FA2A5CA25085366E32ADAD30A020484FE844962E8C61CB1D2 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:39:07.0924 0x1840 RemoteAccess - ok
20:39:07.0962 0x1840 [ 066062967A77867BDCF665960EFDAD32, 68143DBDFA7C68786C22F5CC4E80200255C663A844069C080E7816F423ABB1F4 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:39:08.0005 0x1840 RemoteRegistry - ok
20:39:08.0084 0x1840 [ DF84555A734BA2BDA55BCCCC47095ADD, 639814A7F5B758792FE6D84E3FF312F9CE9DACB21B93EA43394DC7A04526CB81 ] RetailDemo C:\WINDOWS\system32\RDXService.dll
20:39:08.0241 0x1840 RetailDemo - ok
20:39:08.0288 0x1840 [ 6451FE42C35FDE3862D99579444F4A8F, BD56A1120AACF6143E6EB739E12BEE86DF142F1159865608BDF1BBE54B66AFCE ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
20:39:08.0335 0x1840 RpcEptMapper - ok
20:39:08.0366 0x1840 [ F24131EAD1D0B73463052BB042A37B6C, 43B5772310B200DF1914C8E4D10401A0BCE9082BDEAC34736AFB2920B39D7956 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:39:08.0397 0x1840 RpcLocator - ok
20:39:08.0444 0x15f4 Object required for P2P: [ 6300722E8527EC54D426FD00EE5196B2 ] Audiosrv
20:39:08.0460 0x1840 [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:39:08.0506 0x1840 RpcSs - ok
20:39:08.0553 0x1840 [ DC66C1D262D64E30A30B68E9F21AC74B, A5ED3D31BCD68DBC00A956787517ACA167C86F5FFDAF7C9A85505FA2B705C6CB ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
20:39:08.0600 0x1840 rspndr - ok
20:39:08.0663 0x1840 [ BC1FD4C82BF2922A8A6E8661DD1B8CE8, 254A790F0F10AD15C7C585D2918D4333C577EED848BA9FE4E2C4498E32494418 ] RTL8168 C:\WINDOWS\System32\drivers\Rt630x64.sys
20:39:08.0710 0x1840 RTL8168 - ok
20:39:08.0772 0x1840 [ 53FC65C60661B26BB8A47750306FEDF5, E376096556B29DB9726800DDFCDD6FFF281EFB94F4EE64F794ACC851AB3954B9 ] RTSPER C:\WINDOWS\system32\DRIVERS\RtsPer.sys
20:39:08.0835 0x1840 RTSPER - ok
20:39:08.0866 0x1840 [ 88F7703F2A4677C828124AE2110D3EBC, 529F6A5815806F2EA2235802BD28AF8D7A40E7799356BD3EC337C9E71B6B53E6 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
20:39:08.0913 0x1840 s3cap - ok
20:39:08.0944 0x1840 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] SamSs C:\WINDOWS\system32\lsass.exe
20:39:08.0960 0x1840 SamSs - ok
20:39:09.0006 0x1840 [ B467E932FE4E16E201DC7E56870CB559, 6FCE9A2DFC5D222BBEA4AA271A17B830FCF8EAE44B07BEE5FF34AE50CABCBB6A ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
20:39:09.0022 0x1840 sbp2port - ok
20:39:09.0083 0x1840 [ 3E115C63649402D321D396F8D606C9B0, F4BA7FE0E89D563A57B6865E4CF1334998987D11A0D70FF7491726A507B40DF4 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
20:39:09.0123 0x1840 SCardSvr - ok
20:39:09.0154 0x1840 [ 67EFFD3D1BB6D2B67DF7F8FDCB1A51FC, DE41539FAC730F5CFF6C8754ECFF1253AFDC1C86743AE71B61D716B7A84E85FD ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
20:39:09.0201 0x1840 ScDeviceEnum - ok
20:39:09.0232 0x1840 [ 31DDA0716EC265CA57DAF9D2295FD76F, E6F39C1B3CF81918277DB8C6E3DF9A82812E1C9063DEB1FB85FE433DC9A16CBA ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:39:09.0264 0x1840 scfilter - ok
20:39:09.0342 0x1840 [ 1BFAC03B6422E878EFCDA934BF4C4823, 0BA537A4B9E8020E6B709A44F1382DB3B41CEF631B847201F812152FEB303CD3 ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:39:09.0561 0x1840 Schedule - ok
20:39:09.0607 0x1840 [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
20:39:09.0654 0x1840 SCPolicySvc - ok
20:39:09.0686 0x1840 [ 004C66464D8FE76D5DA78BE6777D61AF, 58B5C436798EEBBE7081D54B55B70DEB15331856802CD45E3FF8BDE794F06A27 ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
20:39:09.0701 0x1840 sdbus - ok
20:39:09.0732 0x1840 [ A906C527B838A4922611C63EBD250F91, 6BB0054A9C2408138BDF49D834FF99B5B9764E7747ABC15016F54FBA1D28394F ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
20:39:09.0857 0x1840 SDRSVC - ok
20:39:09.0889 0x1840 [ F4BF50A7D16A97A887BFA0F193693C42, EEBF5AAC149C72F490BAC954B25BB6882B10FC38F93CA4F4829A06702B1ECEF9 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
20:39:09.0920 0x1840 sdstor - ok
20:39:09.0920 0x1840 [ 648A299839E8F48A946C41DE270D28F5, EEC9A5FCBE3FF78FB5E0452FF1932A8B0C7399688041E22555703CB1977A4428 ] seclogon C:\WINDOWS\system32\seclogon.dll
20:39:09.0982 0x1840 seclogon - ok
20:39:09.0998 0x1840 [ 29452A9DA3E3482F0C2963312F979053, E1782D36C336C4B4C261AD665C1E9051905AA86020E08FC94069972AF4C4DB4B ] SENS C:\WINDOWS\System32\sens.dll
20:39:10.0045 0x1840 SENS - ok
20:39:10.0107 0x1840 [ 919BA7E3054E4F1D61A3524ADCE6A970, 3C382673DF5AF2F38A5AE4A268F5856B0CC9E65D52213DE6D2C06E252753B73C ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
20:39:10.0514 0x1840 SensorDataService - ok
20:39:10.0561 0x1840 [ 01C2EEA7870FE26A4A6CCBA5421CC7E5, 9E643AB6BCBECE4F2A5FD4C96547A4E3F2BDFEFC5FE24B802467718EC69929F8 ] SensorService C:\WINDOWS\system32\SensorService.dll
20:39:10.0795 0x1840 SensorService - ok
20:39:10.0826 0x1840 [ D2FEE824B4AA0BE377F1353E5F915BF4, 00D754C62F3482BBD0EA72C896139C39D15192B2D9FCC7B755D1FB9DF9FCFD9B ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
20:39:10.0920 0x15f4 Object send P2P result: true
20:39:10.0951 0x1840 SensrSvc - ok
20:39:11.0014 0x1840 [ 9DB0BBE3ABE1F49651AE51EC5BCABE58, 0B46C1F231F41766AB73EE7E9834D3CDACA602D12E702D9277E28B47417D9CA4 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
20:39:11.0030 0x1840 SerCx - ok
20:39:11.0061 0x1840 [ C4AF79C37334D995D95C22C14FDBF7FD, 4D4985921261909F2123467A22EDB102B490710F60AB935624435E5BB808A0E9 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
20:39:11.0092 0x1840 SerCx2 - ok
20:39:11.0108 0x1840 [ FC541A272F47BE03E67A9FCB87FA8C3E, 730A3616FD67E9F2832442144B2655A8EF78B9AFCB204113E73E257256491354 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
20:39:11.0139 0x1840 Serenum - ok
20:39:11.0170 0x1840 [ 2A5F5F95FCA123DCBF53B5F603B64789, DE5C9E1D88B2C180B137DA7839F3EF6C936A171ABA49F89C10EE9C73A2226F3F ] Serial C:\WINDOWS\System32\drivers\serial.sys
20:39:11.0202 0x1840 Serial - ok
20:39:11.0233 0x1840 [ C8738887228B7BFA3B1A906816A8BB12, 328283569201791891D5E9FB3028DB5B9FD93A7BEFC00C7DEBC2CC5731DE64D5 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
20:39:11.0295 0x1840 sermouse - ok
20:39:11.0358 0x1840 [ B1CB58853153397DFFA2D13A81451D09, CC9B3B064711E9B5CB38DC1C84DC410033939848BD31BB0D12F990E8154F357E ] SessionEnv C:\WINDOWS\system32\sessenv.dll
20:39:11.0405 0x1840 SessionEnv - ok
20:39:11.0405 0x1840 [ 67832B68752CDF7FDE56949E4A2E70BF, A72320EA8575A751DF86A1EE7969AD9D548D6185F2520197262E11B79FF8222B ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
20:39:11.0436 0x1840 sfloppy - ok
20:39:11.0467 0x1840 [ F10E5536E1C753E01CF19FA4F466CE90, C9897F22B176D84CA233F864078895E3DAD4DAD090FACBB01BD6E59EE337B47C ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:39:11.0530 0x1840 SharedAccess - ok
20:39:11.0577 0x1840 [ 4AC12D495B3CB4275F74C68A7A017561, DC53EBD606ECCD8BCF6D618C0EB58B03F5C20F09E0F0AEDE9B8082D6B208B19A ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:39:11.0655 0x1840 ShellHWDetection - ok
20:39:11.0670 0x1840 [ ED058030296CF9B79C8D48BF43724323, 01DC7C2590DF48116CD1A126F207FE5DE439A53286BAE3736E22EE3D1CA80BE3 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:39:11.0702 0x1840 SiSRaid2 - ok
20:39:11.0748 0x1840 [ 633D3D1581E9DCCD5A2D8F039104C9A5, C44B5097016C2AEC8B41F77425FE44413562F9DCF0C0C11CA69D8178970B4706 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
20:39:11.0764 0x1840 SiSRaid4 - ok
20:39:11.0795 0x1840 [ 0CCFDCB61625C7FBFE612363401ACF20, 88A1ACFD95F020C2A5BBEB1D2BE1E977D6F6DC219C1BAC9CDF6779D8D3E3C406 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
20:39:11.0811 0x1840 SmbDrvI - ok
20:39:11.0858 0x1840 [ 35B8FC714C2E7F07F7DC7C64452153F8, 6D45EB01B5F972ED0E5520E771F007FFEE892054FABDB3DD00D3E9915D3A0A31 ] smphost C:\WINDOWS\System32\smphost.dll
20:39:11.0936 0x1840 smphost - ok
20:39:11.0983 0x1840 [ DE3A5C27EC842A113F68A2705FF63B00, B134EF63708A892B673B539F544F7980FF72838D822E8E4CCDDB359B22CB8805 ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll
20:39:12.0077 0x1840 SmsRouter - ok
20:39:12.0108 0x1840 [ CD1056818A6FCEF4D32BD1D6E34070D5, F5BFB61ACB220A73B0DC4487B049F52E9F9FA2D4188C001E7A5838D47CEA6343 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
20:39:12.0170 0x1840 SNMPTRAP - ok
20:39:12.0248 0x1840 [ 21FF393512F51F5A98620C794B4488A3, 8A35923D3D6993FC014D86F0F7BD5C106586824DB8D26C04DC2AD0B8ED13ED20 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
20:39:12.0280 0x1840 Sony PC Companion - ok
20:39:12.0342 0x1840 [ 187B4AD4446C59F8FCC4A10F473EE3D1, 0AAD961B3D7B3484DC89CB86F3EC96CEBFABB7224A5BFB48083DE8F1805EA7B4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
20:39:12.0373 0x1840 spaceport - ok
20:39:12.0389 0x1840 [ 2799FCA215919FDC9A87C5FCAB530828, BDE968BF26693AA4D70AB669896BCA49C6F533EA226386B35B0EA589A55227B5 ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
20:39:12.0405 0x1840 SpbCx - ok
20:39:12.0467 0x1840 [ 58C17D92AD61EC7A98B05F4FAD0D205A, B881134A1BD9194145A9D18BDB34D57E2C167F06C2A9368459D0C33E6E0D6501 ] Spooler C:\WINDOWS\System32\spoolsv.exe
20:39:12.0577 0x1840 Spooler - ok
|
|
01.12.2015, 20:54
| #4 |
| | Laptop mit Windows 10 hängt Teil 2 von TDSSKiller: Code:
ATTFilter 20:39:12.0827 0x1840 [ 5C31E109943E67CFC801810C00AB63EE, 9A80D7CDA1135EBCE10E753986A59CFA3D8D49F9B0BE38FDF99880B1DD88C41D ] sppsvc C:\WINDOWS\system32\sppsvc.exe
20:39:13.0139 0x1840 sppsvc - ok
20:39:13.0202 0x1840 [ AA1F23501511EFE9CF9771F6B20E8D45, E786852D9877CCFD35444F8FC694467132F868D87A8C344FD1016FFDE74695A5 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:39:13.0264 0x1840 srv - ok
20:39:13.0311 0x1840 [ F5B169EDF9D5E3C7200D89D30E065D13, 12BAF3A3CB76F0900FA53681C9AD16F40308F493BA22C0F60E1E268D0D6AF825 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
20:39:13.0358 0x1840 srv2 - ok
20:39:13.0374 0x1840 [ 2E142E027F0AA698BA4DCE49CBDB43CD, A21027BBBC75A55A8B302D028113A0683016E4C72790A8C561DDB1AE7FDB4289 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:39:13.0421 0x1840 srvnet - ok
20:39:13.0468 0x1840 [ BF71B3FB5B7557CB740CDB09C5FB50D9, D6F9E65FDC9C4ADAFE82D94F71A1F5960DB3BEEBF4FE5B2D087515C4FAA5F287 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:39:13.0562 0x1840 SSDPSRV - ok
20:39:13.0608 0x1840 [ EF1BC04215C201ADA3F7F5A2F034EA21, E1A7A0FA2032B9E7D3951100E74C04D93CD848C88D23D57FBA0BFA2816B29C61 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
20:39:13.0687 0x1840 SstpSvc - ok
20:39:13.0812 0x1840 [ 78760751FBCB900F6F68CA1700DAE2DC, 356914797056B11745E18ECD033B8DC801C3C3DD6C5127FCD430A02C4FDD34A9 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
20:39:14.0030 0x1840 StateRepository - ok
20:39:14.0046 0x1840 [ DDE064A4298FD1FBF804D3ED691E7EDB, B0D117B1FC0DA2CB76F5F63699E2F108930B6C6721AC443111D48215ED624278 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
20:39:14.0062 0x1840 stexstor - ok
20:39:14.0140 0x1840 [ 60F04DF1AB55D6D4BDA02052DD20537E, 52996EDF2C06968DADC9BDF24E4039929B81643493C7193B8CC4A6BD1A3AE761 ] stisvc C:\WINDOWS\System32\wiaservc.dll
20:39:14.0327 0x1840 stisvc - ok
20:39:14.0359 0x1840 [ 32C95F44108C3E7DB58F773346E3C9D0, F852D8ECA06080EA6DE1A90509071965A750D9CFC9627F0D4DB8ECC57133B0B5 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
20:39:14.0374 0x1840 storahci - ok
20:39:14.0390 0x1840 [ 8883C8CE4942A99B84E1CC6EFA19738E, 60C1CDA4382F8EE70D810DBB1BCAF5F389433563FF23EEB84859612F396D8CE6 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
20:39:14.0405 0x1840 storflt - ok
20:39:14.0452 0x1840 [ AE7B7E1E95BFB9340B1956C98CA52C81, 3E0214A0C486C1CD05D9BC57E58A998A3CEADDC1D24AE2A75098F56B37069160 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
20:39:14.0468 0x1840 stornvme - ok
20:39:14.0484 0x1840 [ 63513EF3121689B3A59BD217618A2E42, DE9B89732801DEC60BD116D58CFB427F7E37F093BE8A9F6E0CAC729B5346B314 ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys
20:39:14.0609 0x1840 storqosflt - ok
20:39:14.0655 0x1840 [ CC96FF061C772340F2ED89ABBA567ADC, 028CD44405B7FAFC7BF331DD729E44E0594A63386F48CF39D7725A58B3DE22D6 ] StorSvc C:\WINDOWS\system32\storsvc.dll
20:39:14.0765 0x1840 StorSvc - ok
20:39:14.0796 0x1840 [ 000F5CFCEF0F06DC8FD1D2F568E48AE4, C1FE485E57A1B912CE79556E0EFF03CC11362E7966D250E3AA4962DCCB8F8EE6 ] storufs C:\WINDOWS\system32\drivers\storufs.sys
20:39:14.0812 0x1840 storufs - ok
20:39:14.0812 0x1840 [ 7415087F9006D6818F85F3CBD79B1A50, C768EBB2263375D285D689FEEF546147D42D7376977424A4D6FD655CC78EA7CD ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
20:39:14.0827 0x1840 storvsc - ok
20:39:14.0859 0x1840 [ E49858EA5865A015EB78B7F7C1C07DE2, 1ADBBAC2D2E2E3C40AB0BDDE068001E76A8DAB79C54F06479F7A4567DAD7A7A8 ] svsvc C:\WINDOWS\system32\svsvc.dll
20:39:14.0890 0x1840 svsvc - ok
20:39:15.0015 0x1840 [ 802278EE4ACCE9EA1F1481DF20EB1667, E78F0DA2CA0B2C2DF3B7E3B2A22C03380FE649813EE6EB31067C5FB6727DB7BD ] swenum C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
20:39:15.0046 0x1840 swenum - ok
20:39:15.0155 0x1840 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:39:15.0265 0x1840 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:39:17.0578 0x1840 Detect skipped due to KSN trusted
20:39:17.0579 0x1840 SwitchBoard - ok
20:39:17.0619 0x1840 [ 313D2C0DBA0B23A8302254FD317D2EC8, 20B98D6F33FEC7ACBCEED9757A3FEAD837FA7BA378BA25575A33EA45E076FC6B ] swprv C:\WINDOWS\System32\swprv.dll
20:39:17.0671 0x1840 swprv - ok
20:39:17.0705 0x1840 [ 12D0CB1DCAE6725B6CA54CC2038C4C8C, 7D224298E440B8C5FDD99A52485A6245DE5109C9A02E65AD38F1EC6DBF4AEEF2 ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys
20:39:17.0745 0x1840 Synth3dVsc - ok
20:39:17.0807 0x1840 [ D154C83B12ABD0227531D48F10AB4944, F6C9BFC2C1A4BC83E45D1F45C1922C99A7E17E4BB9B76154179A6C990CB5FF84 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:39:17.0859 0x1840 SynTP - ok
20:39:17.0952 0x1840 [ E4DEBF8D1983712E5E3CF8A7D87D0ABD, 0D76A7E425F9125ADFA1278CA03A838B91FD0E55F7CD17A1A926668411E30611 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
20:39:17.0969 0x1840 SynTPEnhService - ok
20:39:18.0022 0x1840 [ D5B31B2F14848015C211F1D674A82F3A, 58C18254C817693DB727090D1CC518032B3A67C5B3FC7F2F8CE4613A33790CFA ] SysMain C:\WINDOWS\system32\sysmain.dll
20:39:18.0326 0x1840 SysMain - ok
20:39:18.0361 0x1840 [ D5AAA188C70146977CFEE8D128599F3F, 9ABC30982E552EAF41FE84397EEEE5A3187444062C662D7CF35A03E3B274AFB8 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
20:39:18.0477 0x1840 SystemEventsBroker - ok
20:39:18.0520 0x1840 [ 95875059929EF91B55EA612D7967DD3D, 5F734209C8C9725376F7C146ED84999CC6D019C4C10B1795F53E72BE8853E2DD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
20:39:18.0821 0x1840 TabletInputService - ok
20:39:18.0884 0x1840 [ FE33F417DFD9847CB571D3C7EE5FA7E3, B3C7BE7998B9B093DD969A2588EE8CEBD9771331A63D4B1D86A188317B5EE71C ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:39:18.0931 0x1840 TapiSrv - ok
20:39:19.0035 0x1840 [ 7EBD20284AC9BF9F0A020B86769BB074, 26D8CC9C1EE069BB617973BA7CBCFC36BAF1EABF975F395077547F930197A56A ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
20:39:19.0164 0x1840 Tcpip - ok
20:39:19.0233 0x1840 [ 7EBD20284AC9BF9F0A020B86769BB074, 26D8CC9C1EE069BB617973BA7CBCFC36BAF1EABF975F395077547F930197A56A ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys
20:39:19.0325 0x1840 Tcpip6 - ok
20:39:19.0380 0x1840 [ D378A1AF58AFA84BB6AC753F2C1BE9F4, 8BBA623193D51E6A8DD0627FA08C93B918EF1BA2EEBA46CDBB86FE6A1007FDEE ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
20:39:19.0418 0x1840 tcpipreg - ok
20:39:19.0453 0x1840 [ D42AC03ACF9CA67693D1D9BB4D2A0BC8, D39D5180F3CDB23B4551A8C98F3C92A960B4CC9FA48E0FE11A6D89B0C247783F ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
20:39:19.0477 0x1840 tdx - ok
20:39:19.0500 0x1840 [ CCDBD2817C10A4F631280CBB3AE44FFB, A022DEF4D3CF75F41FA26275347F4BA38A513AD32FF18385C2E756DECB61D404 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
20:39:19.0504 0x1840 terminpt - ok
20:39:19.0567 0x1840 [ A0608264209A836821D6AB8C67B108AB, 7912C75F72BCAB7426A2E00C597C8D94C185B5DD31BD6C4BE5D56FECD5B0D9EA ] TermService C:\WINDOWS\System32\termsrv.dll
20:39:19.0676 0x1840 TermService - ok
20:39:19.0692 0x1840 [ 261830B1E3650E4471E1F98850B929B7, D281B8A93315E64C7AF5002E5BFBE6AFF8B35FD6AA747AE07D7AA96F4AFAA613 ] Themes C:\WINDOWS\system32\themeservice.dll
20:39:19.0773 0x1840 Themes - ok
20:39:19.0803 0x1840 [ 8D23F0819A00C547814409B734DD3747, 0E1B25A53C84486F8A57F309F3C016114F90F5AF5E576889BD230931F38594A5 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
20:39:19.0952 0x1840 tiledatamodelsvc - ok
20:39:19.0999 0x1840 [ 354DAA630928CD4DA2BC84A0DA4ADA9D, AFAE4948EA4F899267DC52DF9A06450FC3E77083B563E541581DA90685C7E98C ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
20:39:20.0062 0x1840 TimeBroker - ok
20:39:20.0101 0x1840 [ F4AEDABC8F3A9D632F8206D0C7F8CA09, 6E76749CD4B857B4D930267E3CF448AF4D14FAC851873C5E71572E62CAD2FA36 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
20:39:20.0127 0x1840 TPM - ok
20:39:20.0136 0x1840 [ 2D0338A3009075FCCB119CB7F3280F82, F42F3B8DA0F8B2C99892E66CDEF471A1CD30A30CF437ADFF464A2C786A6B87A6 ] TrkWks C:\WINDOWS\System32\trkwks.dll
20:39:20.0183 0x1840 TrkWks - ok
20:39:20.0261 0x1840 [ 62D6A900C5DFF2ECF131384E5A5C85AB, 1AF1FB868C59DFF452E3351EE5070B2C746DE606B9E2F1834CE2256F41ABE7A9 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
20:39:20.0324 0x1840 TrustedInstaller - ok
20:39:20.0371 0x1840 [ 676C801CAA61AADD0C918CC536A74B78, DB5DEC9445272E46D32DC2A9A99A9AE45729E424E61C679ECFD973AA88457BE6 ] TsUsbFlt C:\WINDOWS\system32\drivers\TsUsbFlt.sys
20:39:20.0491 0x1840 TsUsbFlt - ok
20:39:20.0517 0x1840 [ 2BB6CC0DD1CEE86330743B56FA9FE91F, EE71E3DEECA7599947AB09E8967FE8066348D82B4C17D8CBE800FCDE9CF4989D ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
20:39:20.0555 0x1840 TsUsbGD - ok
20:39:20.0587 0x1840 [ 14B46248612DF1B1A695040FFFBCFAFC, 8C373A3C416FC9AB3872A187E64AC7A6E69FF605BD8784E8F2B1C28C293A0495 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys
20:39:20.0817 0x1840 tunnel - ok
20:39:20.0833 0x1840 [ D0BE5EA1652D55029C9A898FB8ACFCE0, 80C4BC30B967C79B3457F43EB9B530CA2571C6158958879AC55E5A81F71CFF15 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
20:39:20.0864 0x1840 uagp35 - ok
20:39:20.0880 0x1840 [ 13C15E4B238895FE4731DB1D612EEB5F, 211E4B05AA09F7FBE2487C3241A98D1F970FEE5B9B1BAED2788B57233BFC4104 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
20:39:20.0895 0x1840 UASPStor - ok
20:39:20.0927 0x1840 [ BEBB8B55C5F99B69EEE39A9D7BADB21E, 08A094EA38AB58CC70108A3BDFDD3251897DC4B13FDDAD54C1B063137836EF34 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys
20:39:21.0036 0x1840 UcmCx0101 - ok
20:39:21.0067 0x1840 [ DE3EDAF609D00EA2E54986E6459796A6, 61A9AB51869F38300CC5CC5D302B962FB966F54CBB2E393954F36372B3A479FE ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys
20:39:21.0442 0x1840 UcmUcsi - ok
20:39:21.0505 0x1840 [ FB1C1D8B96A482F3581338D6752E1D6C, 0FFAEE3E088614B3483C459513BB9D78EB76B574696FD877A3CDF6A11378F46C ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys
20:39:21.0536 0x1840 Ucx01000 - ok
20:39:21.0552 0x1840 [ 4E1543ACE2F6E2846713E5123D9D4159, 1A6AFC525A80D1F19B14CDAD38790DF7293911C4D0E8301161D92201B934C3D4 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys
20:39:21.0630 0x1840 UdeCx - ok
20:39:21.0661 0x1840 [ CDCA9CC1D8293E75218D8FF85F2337A4, 173086C08DDC7625E026E425F1E2B5D6C795771BEAE9BFF6093E3592FBEBD323 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
20:39:21.0708 0x1840 udfs - ok
20:39:21.0724 0x1840 [ BC683E19307C533C7161DB7A58051347, 5553BE3421986FDD9992EBFD883CDA151F7166C01BBFA3E9183A3C93E41D79B6 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
20:39:21.0739 0x1840 UEFI - ok
20:39:21.0770 0x1840 [ D14B42C26DE402F316D49667D15446F0, 61CC9FF03EF78631C800EFD8D587975CB94D53DB80E6F60BD13BA52EC5690D3D ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys
20:39:21.0802 0x1840 Ufx01000 - ok
20:39:21.0833 0x1840 [ 192470BE4321791FBB25F379D0141D6F, AD120F8F98BD99014471CE60630B5FEE7555AB261C98B7D9819FE23C386655F7 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys
20:39:21.0864 0x1840 UfxChipidea - ok
20:39:21.0880 0x1840 [ F7BD838E84E6B286DBCE068EFB8C0800, A55188C8F8BDC739A7ED7D29CDCB2A17468BBB158E13D804963B31ED73449520 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys
20:39:21.0895 0x1840 ufxsynopsys - ok
20:39:21.0927 0x1840 [ C844E39B900FFA46CA8DD2BBA670A077, 0CB6232BCE47C59821DF25D6ED33E85C3E32DDAB101AA8A2C22B5401E73F5D5B ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
20:39:21.0958 0x1840 UI0Detect - ok
20:39:21.0974 0x1840 [ A25842AC180F0E8B02380ECB8ADA1AF5, AF22E7559C5EF8DC22A2B9E27FFFFF075B1D1B68A8307266BD9473E0FAF36BEF ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
20:39:21.0989 0x1840 uliagpkx - ok
20:39:22.0005 0x1840 [ 21088F43172525C7E02D335A3327F46C, B04AD471A7DFE83AB557DB4540616B7DF4A1904F8BDDCB920D449FCEE6F36FD5 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
20:39:22.0052 0x1840 umbus - ok
20:39:22.0083 0x1840 [ 294A291B5D48FE8F38DD94B7272442C5, 66C9139636760C92C1E04FCF440C432FF6C5A94E1577CAFE1D61FCF2D30472ED ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
20:39:22.0145 0x1840 UmPass - ok
20:39:22.0192 0x1840 [ 3427889AECC3B6912A0A01D095E32B98, 322AE14B74295ACFC124719BBEF8809201150A184E262EC55E26D2B45787BF9D ] UmRdpService C:\WINDOWS\System32\umrdp.dll
20:39:22.0302 0x1840 UmRdpService - ok
20:39:22.0380 0x1840 [ 0D5C9E27E93AAEA3E30A1E59A7AC3DFF, 31A203DA03877E6B887930990C5BB53402F0DFFB22A6F8FC5A34EF0B99CD8A7E ] UnistoreSvc C:\WINDOWS\System32\unistore.dll
20:39:22.0505 0x1840 UnistoreSvc - ok
20:39:22.0629 0x1840 [ 6EE394F8BFDC59D51E1C347246867004, DDD2A7CF321A4EF0BA2F87EDA61E477CBC8A63D99D52CDBFA71CA28140DA780D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:39:22.0645 0x1840 UNS - ok
20:39:22.0707 0x1840 [ BD693208673F40BA21AA70B69F1D439C, E324947C2DD34386A83B09E73668F1CCED127AC91194B8BF7EC4C8E36CF8203E ] upnphost C:\WINDOWS\System32\upnphost.dll
20:39:22.0754 0x1840 upnphost - ok
20:39:22.0786 0x1840 [ A7A52EDDC3FAF183D6AC4774690ADF13, 630A0331F2EFA2DC7EFDACD08D8DF5C85BFDA30FF1525050FF54E069AFA45F6C ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys
20:39:22.0801 0x1840 UrsChipidea - ok
20:39:22.0817 0x1840 [ 2EEA0897DD9E30E958B508D557F0B5E4, BE051A3AA5DFF56310FAB67AD19AC0443A3580542886EF3554EBE18F1323596F ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys
20:39:22.0832 0x1840 UrsCx01000 - ok
20:39:22.0864 0x1840 [ DC54D775A3A61E4CDE871B4E38A1459A, CC996A9D293201BBD285E7B629B12EE88574702B8AC7BB4149439D6A25A07F7E ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys
20:39:22.0879 0x1840 UrsSynopsys - ok
20:39:22.0926 0x1840 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
20:39:22.0957 0x1840 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
20:39:25.0283 0x1840 Detect skipped due to KSN trusted
20:39:25.0283 0x1840 USBAAPL64 - ok
20:39:25.0315 0x1840 [ 18B63A0980F4AA1E6D7879B253980E37, 05F96DBE0A3DE2A685DEEBA8B6838A47AEB7CE2EBE8EB6BAD67B36DCF7E73589 ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
20:39:25.0346 0x1840 usbccgp - ok
20:39:25.0361 0x1840 [ 1C60A1A3C8E1E819E16F12BAEB1C83F8, E255BD173DBF091C5EA07381862E23C1FD761489EC396E312974FBC124E1F33A ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
20:39:25.0393 0x1840 usbcir - ok
20:39:25.0455 0x1840 [ 9A3E39F85DC6E3B9F792F1095ACFF788, 66B8E137A5232E9F717907CFD49FE624AE101F4DE14E2960849DABF7A877E87A ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
20:39:25.0487 0x1840 usbehci - ok
20:39:25.0518 0x1840 [ 0A368247A900656CC0678117DFC3A87C, 9BEAD14DA067439D913F609955E95CFA0B88ED4F1BC60B473E00F9D9CBC01B9C ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
20:39:25.0565 0x1840 usbhub - ok
20:39:25.0596 0x1840 [ C08449092043601887A1743350888635, 5CD916649D2CD8823B89C9E7459AD76AA8E54D70B6D9F40AD4A41144E22ACBE0 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
20:39:25.0643 0x1840 USBHUB3 - ok
20:39:25.0690 0x1840 [ 72EA850B59F40C25A4FEDDA5FE84EFEB, FB4801AA1FB72FC1C41024916368823E88D53E338640E3BEA865B0F0E7B8EE91 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
20:39:25.0938 0x1840 usbohci - ok
20:39:25.0953 0x1840 [ 47B2B2DE152E25546944049CA1170BB1, DDA0A806D3108B2475AB13F584EA8CE6F0932C5E394C2C3FA691DFAB8A2BCAC0 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
20:39:26.0031 0x1840 usbprint - ok
20:39:26.0062 0x1840 [ 1F72E1A7E1858B7B3FF81522FCEBDE95, 4FAD243DA73C45CD5CA5E50F824F30EF0DC777D83957FD21FF43D8C89EC15AAC ] usbser C:\WINDOWS\System32\drivers\usbser.sys
20:39:26.0305 0x1840 usbser - ok
20:39:26.0361 0x1840 [ CD35467670DF1E6FBF36DA308F0C872B, E1F4F9B1EBD476394CBD0C934842AEE2502B030D97351B0A1E751FF23B011B57 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
20:39:26.0382 0x1840 USBSTOR - ok
20:39:26.0399 0x1840 [ DFA92EA105DD1073B43FB210EEB03DD4, D940432458F0A04F5013B48197CEA0412C8A909C50605AA21DD08271C90E2FE3 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
20:39:26.0470 0x1840 usbuhci - ok
20:39:26.0516 0x1840 [ B1484D4BBC6B7B424F1CD1554B0AFB84, C9432978603360182AAA983248FFA97576B3C59BE5DA45473DFA17E2940479C8 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
20:39:26.0577 0x1840 usbvideo - ok
20:39:26.0618 0x1840 [ C67A03F54A1EA683F4880A481EE5FF6C, 346185B378577FF14EFAD01ECB7DFC9AFC0D50F16DF081C3BA99AEFF710A0EE9 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
20:39:26.0650 0x1840 USBXHCI - ok
20:39:26.0720 0x1840 [ 32212C0FE0556915E763C29DEB6D267E, C5BC9DA3AB0C41604E8F3D01AFC2C25351FF5D3967E766DD0CDB4C0239ED6312 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll
20:39:26.0844 0x1840 UserDataSvc - ok
20:39:26.0891 0x1840 [ 19DB66E644058AA880AE20144FA40839, 3622EBD3E203C436000947666E7CDF9B075951CC1929241CCCDB123F55F93E46 ] UserManager C:\WINDOWS\System32\usermgr.dll
20:39:27.0031 0x1840 UserManager - ok
20:39:27.0085 0x1840 [ 0CFEA30C0217EE74FF853B2B0CC0BE6D, 1F0856D2D94F46D7B24B7EE18ED868C9EFAE972039D35D1FAA9058A12CF40493 ] UsoSvc C:\WINDOWS\system32\usocore.dll
20:39:27.0384 0x1840 UsoSvc - ok
20:39:27.0400 0x1840 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] VaultSvc C:\WINDOWS\system32\lsass.exe
20:39:27.0431 0x1840 VaultSvc - ok
20:39:27.0478 0x1840 [ 26223003DDFB347B5CF3EC0B56DB066B, 78848BE1334C05F28FA431B08225EAE8345B2C66E7D677F9936892FC941EA961 ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
20:39:27.0494 0x1840 vdrvroot - ok
20:39:27.0541 0x1840 [ 0C3F4E7684C1D72E85A98689E65A98A1, F7928D3EFC1A83125887ADA5F8E008022B58F0DBA8A711B4D60975D8CE82B595 ] vds C:\WINDOWS\System32\vds.exe
20:39:27.0645 0x1840 vds - ok
20:39:27.0676 0x1840 [ A417284BC6B5C2EEF63F2C5154473530, 55146660CDDD829630C216038E6500CFAC906E67C82881047B665BFEEB286D10 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
20:39:27.0699 0x1840 VerifierExt - ok
20:39:27.0737 0x1840 [ 4C39C05A72EB14C0567501C7E087E564, D3DC122B7E4A5BD345517FE3A9E9E58CD3C78887F9F327AB782BADCAD0F8F2EB ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
20:39:27.0792 0x1840 vhdmp - ok
20:39:27.0801 0x1840 [ C42206A15078596FDE8E89BB629DE342, B95F9EC2413ADE658A7CE4A9BB57A0E125C29205C24BBB120153DACAF4CF9482 ] vhf C:\WINDOWS\System32\drivers\vhf.sys
20:39:27.0832 0x1840 vhf - ok
20:39:27.0888 0x1840 [ 248D9F911A5C94CF8477125DD0C3A291, 418C7285184BCC9DE4E56175960585867A5DB21FEF761C49FF6F1AF1C07D8088 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
20:39:27.0902 0x1840 vmbus - ok
20:39:27.0918 0x1840 [ 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E, 2B5CF364F4D1D3359FBEA8BB2E72A1FCE1277E8D893977B751D9AC10A27DF018 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
20:39:27.0933 0x1840 VMBusHID - ok
20:39:27.0980 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
20:39:28.0043 0x1840 vmicguestinterface - ok
20:39:28.0058 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
20:39:28.0105 0x1840 vmicheartbeat - ok
20:39:28.0121 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
20:39:28.0152 0x1840 vmickvpexchange - ok
20:39:28.0168 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
20:39:28.0215 0x1840 vmicrdv - ok
20:39:28.0230 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
20:39:28.0271 0x1840 vmicshutdown - ok
20:39:28.0288 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
20:39:28.0328 0x1840 vmictimesync - ok
20:39:28.0344 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvmsession C:\WINDOWS\System32\ICSvc.dll
20:39:28.0383 0x1840 vmicvmsession - ok
20:39:28.0399 0x1840 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
20:39:28.0439 0x1840 vmicvss - ok
20:39:28.0460 0x1840 [ 91F165C5D71D9DCB18D4661CF10D1084, 1D55C1FF0F5D860E6DB60EEFE303C0797C98BB0B053ECC255F9B316872288818 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
20:39:28.0478 0x1840 volmgr - ok
20:39:28.0498 0x1840 [ 17042748AC05862A0283D32575220080, A85B480CB969CB7678545D2A9EE99CBD2ADFF210FA016A43E092D0711FBB633D ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
20:39:28.0525 0x1840 volmgrx - ok
20:39:28.0545 0x1840 [ 823A237D871CD652C6BFD47BECB6810A, 99310521451CB54C29A5DEA54C3A666F95E2A1FF0979D5F9792885A161E90C65 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
20:39:28.0572 0x1840 volsnap - ok
20:39:28.0591 0x1840 [ 78727FA284C2095EED660D71CD3C9AEF, 323F0BD5A624DF77973F28C7CF31EC6B3A525496EBF063666623A62B1DB0EA65 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
20:39:28.0608 0x1840 vpci - ok
20:39:28.0634 0x1840 [ 2415961D561E02F5E46B7C1C687A6788, 68A54B9595A0D15D410D5F1656B6EBE3B913A4BA5F71C658C9B99420E6ED327A ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
20:39:28.0650 0x1840 vsmraid - ok
20:39:28.0743 0x1840 [ 16419CBDB04DB9FF298169AA93413822, 743AD26F08AF5EFF5DD353E75C3D659B10C3FEC2FEDABB76387B87721B5B98F8 ] VSS C:\WINDOWS\system32\vssvc.exe
20:39:28.0837 0x1840 VSS - ok
20:39:28.0868 0x1840 [ 6AE9A843AE979F2DCCA5A25C07C7A5F8, 3CEC26DE2EEC97929A0FBBD87FF75F8DC387C0988B2047074C8F069ACBEF2587 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
20:39:28.0900 0x1840 VSTXRAID - ok
20:39:28.0947 0x1840 [ BD232C761C59FA8D8EF626CA630E2D2E, E494EFDCE8F6343F49F33F1F03DCD5DEC9CB6F349B1AD302B4D3333B5F6BD8E5 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
20:39:29.0040 0x1840 vwifibus - ok
20:39:29.0056 0x1840 [ 3039687AB65CEE26CF478C1F42FFCD7D, 40E140C6F94B6203767A1493DF8CAE6BA1FB67FBD0C13789444F72410D0E6FF1 ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys
20:39:29.0103 0x1840 vwififlt - ok
20:39:29.0134 0x1840 [ 37C868DDE3103130B00AD1313DAB5ACB, BF9C30817A3502F5C0673FD462B18FE1BF37963B29DF09D84B66BDCBF8ECBA81 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys
20:39:29.0165 0x1840 vwifimp - ok
20:39:29.0228 0x1840 [ EC9B6544C569E8D7FAB91772BD7D23F2, 06CC5F21E9A9DD35099CB3E44C3E2BF2F944CE5B71284E6A85E1B681F12BD31B ] W32Time C:\WINDOWS\system32\w32time.dll
20:39:29.0306 0x1840 W32Time - ok
20:39:29.0322 0x1840 [ FC40A7527D39F06D032A6553D22E4BF6, F572FCB5EB3DE16FD6222A5B6A43C81E3A1F838890667D9F0453F82FFCA772FF ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
20:39:29.0337 0x1840 WacomPen - ok
20:39:29.0384 0x1840 [ 2CFE8CBE358CC4D5715E010E3B13559F, 54E9BFCE202FA123EB261C226094054950429AAFA304AA714F461B003E070BD9 ] WalletService C:\WINDOWS\system32\WalletService.dll
20:39:29.0493 0x1840 WalletService - ok
20:39:29.0525 0x1840 [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:39:29.0556 0x1840 wanarp - ok
20:39:29.0572 0x1840 [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:39:29.0587 0x1840 wanarpv6 - ok
20:39:29.0681 0x1840 [ CF9EF65FA66B0F4982FD1FACAB3009B6, 681C1CD5DCAF87EF436B907534E98B0AB4F66BD62E46B8977A7880B854766A27 ] wbengine C:\WINDOWS\system32\wbengine.exe
20:39:29.0884 0x1840 wbengine - ok
20:39:29.0947 0x1840 [ 8F2B0ED6FCA72B34BEEA37E32D0EE106, A86C641A13FDF056B7BA13641551582199DDB08E9490003C74D999518B097C00 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
20:39:30.0150 0x1840 WbioSrvc - ok
20:39:30.0181 0x1840 [ A40484AC27EE08DBE7F8DA5E1F6651ED, E3259694450C4F1DEC5E0EA5E23BF3A51F1819374DF47FECF70282AFD46114A1 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
20:39:30.0322 0x1840 Wcmsvc - ok
20:39:30.0353 0x1840 [ 8E7FD07D2C82ACBCA52C4100C20F6542, FB2CD88557ABB5EBE6555CD4E41BF4BDC6FE6BCF26288338F2FB034B966FCBD3 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
20:39:30.0431 0x1840 wcncsvc - ok
20:39:30.0447 0x1840 [ 9C776ED423CD03F8ABD54C2557E34416, 282C1208977070EC0280D5ABA0E03A847AEAEE31F35CDAA3C7A02D8477614EB1 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
20:39:30.0525 0x1840 WcsPlugInService - ok
20:39:30.0540 0x1840 [ C8BA574B3BA6AE88741AC86B1FE3C1DC, B2422CDE3A6A27B52D270D24298FF69D91D389C68456EC1805BA30AA59BAB839 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
20:39:30.0556 0x1840 WdBoot - ok
20:39:30.0650 0x1840 [ 927AD29D7F91B9A0C5294932374DA15E, ABB2722EF4153771D15683B5CE603D2B7D8A585357F64A3DC26114F37BE2906E ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
20:39:30.0712 0x1840 Wdf01000 - ok
20:39:30.0759 0x1840 [ C5BB7C612B4C852836BEA39593BA5F46, 1E2B123F34500C2A8E983AAAF7F14E409B88DC396A655F19F3E7F15D0C51A762 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
20:39:30.0790 0x1840 WdFilter - ok
20:39:30.0822 0x1840 [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
20:39:30.0900 0x1840 WdiServiceHost - ok
20:39:30.0900 0x1840 [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
20:39:30.0931 0x1840 WdiSystemHost - ok
20:39:30.0978 0x1840 [ 9B2039C5673EEBF1D4E34ABC0AFB88C7, BBC85546BD86B9027426DAF148194CFE992B80FF89311B28BE0BD82C88630E8C ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
20:39:31.0040 0x1840 wdiwifi - ok
20:39:31.0072 0x1840 [ BD193A7BD34B2E829FAF56306FEE3B09, ADD746D198E21242CEFA01840952B792074EFC473113CD3E7F1ABBA6A4E26AF6 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
20:39:31.0087 0x1840 WdNisDrv - ok
20:39:31.0119 0x1840 WdNisSvc - ok
20:39:31.0181 0x1840 [ 6A3B5013D5C7840E8CABD63DD021C112, 371CCEEAC7816CFE79ACA8A218CDA16469D9567CB63CC9D18C55FF047011EF25 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:39:31.0259 0x1840 WebClient - ok
20:39:31.0290 0x1840 [ EED4043BC3C2D00067411730EE118354, 5E268DA4DB78C06D8F181E9408B4769F8A12C38DA52C1E986EE0CEE1101E9485 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
20:39:31.0337 0x1840 Wecsvc - ok
20:39:31.0353 0x1840 [ 6ECD7A49AFC6533821BEEA1876CEB21D, 2E972245F56F589EF1AB9DABB9214B9DE6E290878735476323A3357D8CDFC71F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
20:39:31.0400 0x1840 WEPHOSTSVC - ok
20:39:31.0447 0x1840 [ 09B434867028AF4895A87959EA668686, 26A7DB82E42DCBF3A77092D58AC6392754FD7C538B9EAAEFA88E9AF81DFE8E96 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
20:39:31.0556 0x1840 wercplsupport - ok
20:39:31.0572 0x1840 [ DE4E417B867841EE55114E588098B8D5, 878708C93FC1D919E2B9E1C5F94A0EAFC5F28BDAA58D3F29DEEDC8EC3F72D9ED ] WerSvc C:\WINDOWS\System32\WerSvc.dll
20:39:31.0619 0x1840 WerSvc - ok
20:39:31.0619 0x1840 wfpcapture - ok
20:39:31.0666 0x1840 [ DBF5255B759212E5217A2748567A0B5C, 5E81A9289EC39702179038B686A35FADF9974651E74222F3354B4CBE919887B0 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys
20:39:31.0712 0x1840 WFPLWFS - ok
20:39:31.0744 0x1840 [ 4CD8826BB8320741842A9E53E48AF2BC, 97B22D9DCD0FD31D3A801946173369B0E70B1850576682C8A8180874A61CAD1A ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
20:39:31.0791 0x1840 WiaRpc - ok
20:39:31.0837 0x1840 [ 4375BCBA419D19695CF566082CEF27D3, 6F86FA14B41A03F2BA51B8702F3D59B85FD488405601FA177495E4B7C576850D ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
20:39:31.0853 0x1840 WIMMount - ok
20:39:31.0853 0x1840 WinDefend - ok
20:39:31.0884 0x1840 [ 037BC6DE5F58D4A74A5BB0C12DCECDCA, 92921A2615A41C434BADEB33594DABC166FC9418FBD311A3B2022410B14BFDAC ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
20:39:31.0900 0x1840 WindowsTrustedRT - ok
20:39:31.0916 0x1840 [ 70BCD70BD53F2FE660ED94B025A043EB, B23B96DCAB30C62CB1651B3A2292155AEE8217CE3120574F5158D5E7DA09DE56 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
20:39:31.0931 0x1840 WindowsTrustedRTProxy - ok
20:39:31.0994 0x1840 [ 8921ECEC2C7D1B1333D77325C60D3AEA, 67C6B6A92B34D99165B5591D0730322C31E967E599BA44924249BF5AD505C132 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
20:39:32.0400 0x1840 WinHttpAutoProxySvc - ok
20:39:32.0447 0x1840 [ 7792AE5403BF8975B6460DFC3428D129, D88F77E973D58C2CA629CC9249877A34ABF31CA1DC2A570666921A8A0DC8DEC7 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys
20:39:32.0478 0x1840 WinMad - ok
20:39:32.0556 0x1840 [ 73B5230F03DC7002A70F11EA1B0BAA37, DFE8BBE52B58589686E402ACED51021E298A491F907EBA5689DF9DAFC3002BA5 ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:39:32.0619 0x1840 Winmgmt - ok
20:39:32.0728 0x1840 [ 2FE85D6AFF90F56A78743CC93B9CA684, B515765C4EE64E7EC16BD6AF037C084CCA6E81180AEF59E18F260406ABE6DF58 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
20:39:32.0916 0x1840 WinRM - ok
20:39:32.0963 0x1840 [ 811F30EB6EE8318C4171CB95AE30B9BD, 765F6BEA3D35D523B5D7ED7356EC0C97A48066A5C4D77C1E6EDAC6F220153385 ] WINUSB C:\WINDOWS\System32\drivers\WinUsb.sys
20:39:32.0978 0x1840 WINUSB - ok
20:39:33.0009 0x1840 [ DF00381AB8665D48DE3FF794BC6760AB, 749AC7048601061A34BFF507B574AF028FC662C0A98692E7331E667D105EC09D ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys
20:39:33.0025 0x1840 WinVerbs - ok
20:39:33.0103 0x1840 [ 3C096082A9232B7CEE4653B9C9031769, CFD4C7D0874097ED70735FD99206F21C12749B7956C4B5D4287F160EC6A21DCC ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
20:39:33.0291 0x1840 WlanSvc - ok
20:39:33.0384 0x1840 [ 0968D575D9108497A6DC37749D4A6C4F, 8BFEDBE642DA0FD8AC1E60180C192527F3D36E43089090A7BB6D8B27AB6E4F7F ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
20:39:33.0603 0x1840 wlidsvc - ok
20:39:33.0650 0x1840 [ 623ED8E10DFEEAB7AE2CD11A0451DB79, 7DDE15F22FD24556D4765F6CFD0F8E2F27370A89A962919646DE2613B33D43D6 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
20:39:33.0666 0x1840 WmiAcpi - ok
20:39:33.0728 0x1840 [ B2BB87531C4127ED4120E9BF5566827F, 1DDC0F00F215D77D3698F81B56D4488F384E9D017267840EDFA4846742B99B6A ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
20:39:33.0775 0x1840 wmiApSrv - ok
20:39:33.0806 0x1840 WMPNetworkSvc - ok
20:39:33.0853 0x1840 [ 78CA1FF6FE37EEFAFF99DD1C956AF60A, 883C7890C83BAB3B846A0C969D7B67031BD2EF65FA58A0620DD0CD1655C5B2C5 ] Wof C:\WINDOWS\system32\drivers\Wof.sys
20:39:33.0869 0x1840 Wof - ok
20:39:33.0978 0x1840 [ C7503A49364DB2AF7A7DE177B233081F, 85DC6D8B5631E51FCF395A884F58571A96C8C55C38CA9ABEBD9C75BABAD21E38 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
20:39:34.0241 0x1840 workfolderssvc - ok
20:39:34.0303 0x1840 [ 388F2A3C771B8BEE76FD1AAF9614D08E, C064EC6136CC20C4EE19C86E91CA071974933BB52C9EF8521DF4AFD060FED4A2 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
20:39:34.0329 0x1840 wpcfltr - ok
20:39:34.0374 0x1840 [ A6FCFE1F691B4A4D266F5D487FADB9FE, 2135D0C13C1295A2F76885E380CD72CB71CEB8E0D9F1C183A35935B27737D423 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
20:39:34.0463 0x1840 WPDBusEnum - ok
20:39:34.0513 0x1840 [ 37DCE976B3935380F2F6E39ABB6BF40D, B14E875F6D6503DF0DB6D9D2363316073AEEF394D830EA2270A0DCDA56E1CEC4 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:39:34.0531 0x1840 WpdUpFltr - ok
20:39:34.0550 0x1840 [ 80F0154FD4293E562D54E97811E03499, EDE920F7F95EFBE542FE3CE066B6F7CDE3B9A37DDF3411DC86EACE9EEF294C1D ] WpnService C:\WINDOWS\system32\WpnService.dll
20:39:34.0644 0x1840 WpnService - ok
20:39:34.0688 0x1840 [ 3CD22DD5A790CF7C24D65455E565EA83, 49DB06DF6F38940E7F8691C16586A78BB20E702FD48A34E50987C06B08BDF4DB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
20:39:34.0732 0x1840 ws2ifsl - ok
20:39:34.0765 0x1840 [ EBA916109A176714E6A7BD152387F13C, 7B38B1708B83271ADA8D1CEC7F5F0A75C7F2572185C0961EFC749D5DF16A03F0 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
20:39:34.0812 0x1840 wscsvc - ok
20:39:34.0812 0x1840 WSearch - ok
20:39:34.0956 0x1840 [ 9EB85802AB625970E05879D15DE56335, B7DCE5E1924A5CEE76CC07FF3B8CEDBBD0DDBB4C4ED0A3BFB8D1ABCAD7C0AA23 ] WSService C:\WINDOWS\System32\WSService.dll
20:39:35.0128 0x1840 WSService - ok
20:39:35.0234 0x1840 [ B70FF53144AC4B3C7D98BFB7D7C239BD, 996F6253F24C6D734B777988CDE03CD3A32FFBAD6D7A198F1C590B762CD8DC0E ] wuauserv C:\WINDOWS\system32\wuaueng.dll
20:39:35.0469 0x1840 wuauserv - ok
20:39:35.0532 0x1840 [ 835F60262E7E310080EA05F6752BF248, 3010B731DF3D52B56EA16FD29B66F5D3AB9412E49CA4C547BAAECA3225C5DC40 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
20:39:35.0563 0x1840 WudfPf - ok
20:39:35.0579 0x1840 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
20:39:35.0626 0x1840 WUDFRd - ok
20:39:35.0657 0x1840 [ 44CF3130AEC8914705487C4AEF756A19, 30B09E32DEC02141F9B99ED012E441056C1663A72E4130EF4221ECC0ED87BF4B ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
20:39:35.0704 0x1840 wudfsvc - ok
20:39:35.0747 0x1840 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:39:35.0778 0x1840 WUDFWpdFs - ok
20:39:35.0790 0x1840 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys
20:39:35.0816 0x1840 WUDFWpdMtp - ok
20:39:35.0879 0x1840 [ D23F211E1AA0787EFEC373D172D4A1C2, 6CCAB272D121C9946B2CF6B19F50E09946F0187713D54BFBD371B5C017367204 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
20:39:36.0098 0x1840 WwanSvc - ok
20:39:36.0176 0x1840 [ 9BDC2AFCEF4CF1C630D728DE1DBD495A, 5CE19974380CCEC46C181315B349E9A7CE757E19118EC5978A2293D63268BA66 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll
20:39:36.0291 0x1840 XblAuthManager - ok
20:39:36.0341 0x1840 [ 3EDB6162310EA223890C2DF44C68358B, 12053291809CA9C38A30EA4B2DE7115F535531F0925220C63B0312979F9CC707 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll
20:39:36.0472 0x1840 XblGameSave - ok
20:39:36.0525 0x1840 [ 30021D1E0407B71E8D5D4F8DAE4E656A, EE2E366A1CC033C068176C7E9F876FFA0EF86A15A482B6964E170DE863CFF542 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys
20:39:36.0620 0x1840 xboxgip - ok
20:39:36.0681 0x1840 [ 729B70C81F207541BC6A4ABAE3A8D594, 31F9BC41169D28B397C0D988C367C32FA9A95289E68AB8F38061DA478752A765 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll
20:39:36.0837 0x1840 XboxNetApiSvc - ok
20:39:36.0868 0x1840 [ 6851673B90D8CB332439E0339F81A6B6, 4E95F1A63E6DD58BB5BD6FC1D9784837D5E6F5BCF870C7ECC92DCA1AF20B6A4C ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys
20:39:36.0915 0x1840 xinputhid - ok
20:39:36.0915 0x1840 ================ Scan global ===============================
20:39:36.0978 0x1840 [ C6BC6E49A7F76AA2BBA58CD08196755F, D02B6B285899E966D19323566A4780D51303D00E66674D7FF4B61991430A69A6 ] C:\WINDOWS\system32\basesrv.dll
20:39:37.0040 0x1840 [ 70EC9717DC3A1CDF79C703A145E0E5B7, D5ABF42063DFF799FD4099D8A347256CC79B89582B987B3DEE240AFA5BA421BE ] C:\WINDOWS\system32\winsrv.dll
20:39:37.0118 0x1840 [ F435AFA375ACBAEE44324DD464EDCC11, 815DE470439AE5D96348BEBF971A14FBDCA1D36F31CA0D25F69E5F41817D43D5 ] C:\WINDOWS\system32\sxssrv.dll
20:39:37.0165 0x1840 [ BB3D8E1C108F7244613FF3993291A922, 1642AF23F200D46F54239C3BA743F1D5ADDC6A32D5F6481264D0C1D7F3E9D533 ] C:\WINDOWS\system32\services.exe
20:39:37.0181 0x1840 [ Global ] - ok
20:39:37.0181 0x1840 ================ Scan MBR ==================================
20:39:37.0196 0x1840 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:39:37.0306 0x1840 \Device\Harddisk0\DR0 - ok
20:39:37.0306 0x1840 ================ Scan VBR ==================================
20:39:37.0306 0x1840 [ 1C8A4DC048C94AF2302AAD38CB658559 ] \Device\Harddisk0\DR0\Partition1
20:39:37.0337 0x1840 \Device\Harddisk0\DR0\Partition1 - ok
20:39:37.0353 0x1840 [ 1BF683286A8F7448F7E9186EA2A681A1 ] \Device\Harddisk0\DR0\Partition2
20:39:37.0368 0x1840 \Device\Harddisk0\DR0\Partition2 - ok
20:39:37.0384 0x1840 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
20:39:37.0384 0x1840 \Device\Harddisk0\DR0\Partition3 - ok
20:39:37.0399 0x1840 [ F4202E3EE433B2ADC0752BAE8610BBB7 ] \Device\Harddisk0\DR0\Partition4
20:39:37.0415 0x1840 \Device\Harddisk0\DR0\Partition4 - ok
20:39:37.0446 0x1840 [ D109F31E51EF40AA02DCD67E78B45DAA ] \Device\Harddisk0\DR0\Partition5
20:39:37.0478 0x1840 \Device\Harddisk0\DR0\Partition5 - ok
20:39:37.0509 0x1840 [ 246A74307F1F79E8277EBA66215D7C47 ] \Device\Harddisk0\DR0\Partition6
20:39:37.0524 0x1840 \Device\Harddisk0\DR0\Partition6 - ok
20:39:37.0524 0x1840 ================ Scan generic autorun ======================
20:39:38.0025 0x1840 [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:39:38.0415 0x1840 RtHDVCpl - ok
20:39:38.0478 0x1840 [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:39:38.0525 0x1840 RtHDVBg_Dolby - ok
20:39:38.0618 0x1840 [ 5B8C67DB07E2483E7EEC49B6E3E2961E, CBEE6169C0EA83A2EB695A6E91A3AAC1FF265A16BEFBEDE984AA5F8EA1162080 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:39:38.0665 0x1840 AdobeAAMUpdater-1.0 - ok
20:39:38.0665 0x1840 SynTPEnh - ok
20:39:38.0712 0x1840 [ 1BF113E377E570DB915EE7D228E594D6, FF4D198D412CA21C49E0A3E6FE52EAD69786B305429095B5BD25CB4FAFD33B51 ] C:\Program Files\iTunes\iTunesHelper.exe
20:39:38.0728 0x1840 iTunesHelper - ok
20:39:38.0884 0x1840 [ C46229075C0CE88B2BB71AC5664601CE, 0B8CAD993148AF73EA07D375AA9A1EAA1EADC409DF3E21ECBACF91204D191125 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
20:39:39.0009 0x1840 Norton Online Backup - ok
20:39:39.0103 0x1840 [ 27CFFB1E41A2BE2A25957A679BD84E10, 521DC8F3439EAA780AE0DA68B0FC6E671963AF76E165590EA83D2F6896B1C941 ] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
20:39:39.0165 0x1840 AdobeCS5ServiceManager - detected UnsignedFile.Multi.Generic ( 1 )
20:39:41.0494 0x1840 Detect skipped due to KSN trusted
20:39:41.0494 0x1840 AdobeCS5ServiceManager - ok
20:39:41.0540 0x1840 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:39:41.0637 0x1840 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:39:41.0637 0x1840 Detect skipped due to KSN trusted
20:39:41.0637 0x1840 SwitchBoard - ok
20:39:41.0677 0x1840 [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files (x86)\PDF24\pdf24.exe
20:39:41.0693 0x1840 PDFPrint - ok
20:39:41.0752 0x1840 [ 99A8E89C5D93E067DDFEBE6F0CB837CE, AE15EF3BF6307870040CA48D6F96E3179BA222C6255C002FA853441484C8FE28 ] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
20:39:41.0763 0x1840 PSUAMain - ok
20:39:41.0823 0x1840 [ 793D7221E5EC69EA615349A13B702B8C, 1545C9634A6599FE4B35419B1B40932797FE2E7DF0B5F27D6698810CC075CF86 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:39:41.0850 0x1840 SunJavaUpdateSched - ok
20:39:42.0200 0x1840 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:39:42.0528 0x1840 OneDriveSetup - ok
20:39:42.0778 0x1840 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:39:43.0060 0x1840 OneDriveSetup - ok
20:39:43.0122 0x1840 [ 400EE3DA80EC50DFFB192FFF0B1775BC, A85F985273CE04E80FB3C5BBEDEB04629FA7DB46C348104EDF1BD5C0B112F772 ] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
20:39:43.0153 0x1840 WinPatrol - ok
20:39:43.0185 0x1840 GoogleDriveSync - ok
20:39:43.0372 0x1840 [ 9F2ECA252720B25E8FEC1CAB2984B98D, 476EE2929901CD43F15869B763376393AA0942A3B934532055E037C6DCE3CD2D ] C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:39:43.0403 0x1840 OneDrive - ok
20:39:43.0497 0x1840 [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C07D2233ED746B19 ] C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
20:39:43.0528 0x1840 Google Update - ok
20:39:43.0606 0x1840 [ 7A2870C2A8283B3630BF7670D0362B94, A36AA6F2A78DF3E66ACA484E9E33D0CB01207FF52A0A8C006424493A5C489C48 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
20:39:43.0638 0x1840 GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26 - ok
20:39:43.0685 0x1880 Object required for P2P: [ 0968D575D9108497A6DC37749D4A6C4F ] wlidsvc
20:39:43.0700 0x1840 [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
20:39:43.0747 0x1840 Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 - ok
20:39:43.0778 0x1840 [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
20:39:43.0810 0x1840 Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 - ok
20:39:43.0825 0x1840 [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
20:39:43.0856 0x1840 Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok
20:39:43.0872 0x1840 [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
20:39:43.0903 0x1840 Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 - ok
20:39:43.0903 0x1840 Waiting for KSN requests completion. In queue: 42
20:39:44.0920 0x1840 Waiting for KSN requests completion. In queue: 42
20:39:45.0935 0x1840 Waiting for KSN requests completion. In queue: 42
20:39:46.0107 0x1880 Object send P2P result: true
20:39:46.0217 0x26e0 Object required for P2P: [ 793D7221E5EC69EA615349A13B702B8C ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:39:46.0935 0x1840 Waiting for KSN requests completion. In queue: 11
20:39:47.0942 0x1840 Waiting for KSN requests completion. In queue: 11
20:39:48.0648 0x26e0 Object send P2P result: true
20:39:49.0029 0x1840 AV detected via SS2: Panda Free Antivirus, C:\Program Files (x86)\Panda Security\Panda Security Protection\PAV3WSC.exe ( 6.0.0.0 ), 0x71000 ( enabled : updated )
20:39:49.0058 0x1840 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )
20:39:49.0071 0x1840 FW detected via SS2: Panda Firewall, C:\Program Files (x86)\Panda Security\Panda Security Protection\PAV3WSC.exe ( 6.0.0.0 ), 0x72010 ( disabled )
20:39:49.0177 0x1840 Win FW state via NFP2: enabled ( trusted )
20:39:51.0586 0x1840 ============================================================
20:39:51.0586 0x1840 Scan finished
20:39:51.0586 0x1840 ============================================================
20:39:51.0602 0x13b4 Detected object count: 0
20:39:51.0602 0x13b4 Actual detected object count: 0
|
|
02.12.2015, 16:41
| #5 |
| /// the machine /// TB-Ausbilder | Laptop mit Windows 10 hängt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.12.2015, 21:23
| #6 |
| | Laptop mit Windows 10 hängtCode:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 02/12/2015 um 20:46:49
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-11-30.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Sebastian - CHEMICALWORLD
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_5.023.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Users\Sebastian\AppData\Local\YSearchUtil
[-] Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : npdicihegicnhaangkdmcgbjceoemeoo
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1119 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Sebastian (Administrator) on 02.12.2015 at 20:55:57,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 3
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26 (Registry Value)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2015 at 21:04:37,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von Sebastian (Administrator) auf CHEMICALWORLD (02-12-2015 21:17:35) Gestartet von C:\Users\Sebastian\Desktop Geladene Profile: Sebastian (Verfügbare Profile: Sebastian) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\nacl64.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Farbar) C:\Users\Sebastian\Desktop\FRST64 (1).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-07-29] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-24] (BillP Studios) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [Google Update] => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc.) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [Uninstall C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-08-17] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{1724859f-46f9-4f12-a3e2-cf0bb1297a22}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.skygo.sky.de/sport/live-planer/alle/liveplanner/sportsection/123.html HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> DefaultScope {A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} URL = SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> {B06F9FF8-F6EF-42B8-B6CC-85BB1240B0B1} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904 FF Homepage: hxxps://de.yahoo.com/?type=orcl_hpset FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC) FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\searchplugins\yahoo-ysp.xml [2015-11-29] FF Extension: New Tab by Yahoo - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [ist nicht signiert] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Google Cast) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-21] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25] CHR Extension: (Cloud Internet Explorer by IE-On-Chrome) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\enbepfpjlejecgbmaijolhgjmpkiimcd [2015-11-10] CHR Extension: (Google Play Musik) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-19] CHR Extension: (Google Docs Offline) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Store) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07] CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sebastian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-25] CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden> ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-12] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-29] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-15] (Sony Mobile Communications) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-02] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.) S1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-29] (Synaptics Incorporated) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert] S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-02 21:17 - 2015-12-02 21:18 - 00026547 _____ C:\Users\Sebastian\Desktop\FRST.txt 2015-12-02 21:16 - 2015-12-02 21:17 - 02350080 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64 (1).exe 2015-12-02 21:16 - 2015-12-02 21:16 - 02350080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64 (1).exe 2015-12-02 21:11 - 2015-12-02 21:11 - 00016148 _____ C:\WINDOWS\system32\CHEMICALWORLD_Sebastian_HistoryPrediction.bin 2015-12-02 21:04 - 2015-12-02 21:04 - 00000943 _____ C:\Users\Sebastian\Desktop\JRT.txt 2015-12-02 20:55 - 2015-12-02 20:55 - 01599336 _____ (Malwarebytes) C:\Users\Sebastian\Downloads\JRT.exe 2015-12-02 20:55 - 2015-12-02 20:55 - 01599336 _____ (Malwarebytes) C:\Users\Sebastian\Desktop\JRT.exe 2015-12-02 20:36 - 2015-12-02 20:46 - 00000000 ____D C:\96510fbd0fbef193b6d646e675c482 2015-12-02 20:30 - 2015-12-02 20:46 - 00000000 ____D C:\AdwCleaner 2015-12-02 20:28 - 2015-12-02 20:28 - 01736704 _____ C:\Users\Sebastian\Downloads\AdwCleaner_5.023.exe 2015-12-02 20:28 - 2015-12-02 20:28 - 01736704 _____ C:\Users\Sebastian\Desktop\AdwCleaner_5.023.exe 2015-12-02 20:26 - 2015-12-02 20:26 - 00000000 ___HD C:\OneDriveTemp 2015-12-01 20:36 - 2015-12-01 20:55 - 00272372 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_20.36.34_log.txt 2015-12-01 20:36 - 2015-12-01 20:36 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Desktop\tdsskiller.exe 2015-12-01 20:34 - 2015-12-01 20:34 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Downloads\tdsskiller.exe 2015-12-01 19:37 - 2015-12-01 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-12-01 19:34 - 2015-12-01 20:33 - 00000000 ____D C:\Users\Sebastian\Desktop\mbar 2015-12-01 19:33 - 2015-12-01 19:34 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sebastian\Downloads\mbar-1.09.3.1001.exe 2015-11-30 20:30 - 2015-11-30 20:36 - 00059396 _____ C:\Users\Sebastian\Downloads\Addition.txt 2015-11-30 20:28 - 2015-12-02 21:17 - 00000000 ____D C:\FRST 2015-11-30 20:28 - 2015-11-30 20:36 - 00057544 _____ C:\Users\Sebastian\Downloads\FRST.txt 2015-11-30 20:14 - 2015-11-30 20:24 - 02350080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2015-11-30 20:08 - 2015-12-02 21:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-30 20:08 - 2015-12-01 19:34 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-30 20:08 - 2015-11-30 20:08 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-30 20:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-11-30 20:07 - 2015-11-30 20:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-11-30 20:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-11-20 14:49 - 2015-11-20 14:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-11-20 14:07 - 2015-11-25 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2015-11-20 05:13 - 2015-11-20 05:13 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Android 2015-11-19 22:32 - 2015-11-19 22:32 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Mega Limited 2015-11-19 12:10 - 2015-11-19 12:13 - 00000000 ____D C:\WINDOWS\Panther 2015-11-19 12:10 - 2015-11-19 12:10 - 00000000 ___HD C:\$WINDOWS.~BT 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files\iTunes 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files\iPod 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-11-13 15:16 - 2015-11-13 15:16 - 00561697 _____ C:\Users\Sebastian\Downloads\Mitgliedsantrag interaktiv.pdf 2015-11-13 15:16 - 2015-11-13 15:16 - 00037488 _____ C:\Users\Sebastian\Downloads\Mitgliedsantrag_Merkblatt_11-2014.pdf 2015-11-13 15:16 - 2015-11-13 15:16 - 00032378 _____ C:\Users\Sebastian\Downloads\Beitragseinzugsermächtigung.pdf 2015-11-11 11:19 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-11 11:19 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-11 11:19 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-11 11:19 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-11 11:19 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-11 11:19 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-11 11:19 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-11 11:19 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-11 11:19 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-11 11:19 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-11 11:19 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-11 11:19 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-11 11:19 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-11 11:19 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-11 11:19 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-11 11:19 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-11 11:19 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-11 11:19 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-11 11:19 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-11 11:19 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-11 11:19 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-11 11:19 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-11 11:19 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-11 11:19 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-11 11:19 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-11 11:19 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-11 11:19 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-11 11:19 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-11 11:19 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-11 11:19 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-11 11:19 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-11 11:19 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-11 11:19 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-11 11:19 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-11 11:19 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-11 11:19 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-11 11:19 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-11 11:19 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-11 11:19 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-11 11:19 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-11 11:19 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-11 11:19 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-11 11:19 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-11 11:19 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-11 11:19 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-11 11:19 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-11 11:19 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-11 11:19 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-11 11:19 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-11 11:19 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-11 11:19 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-11 11:19 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-11 11:18 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-10 14:41 - 2015-11-10 14:41 - 00005378 _____ C:\Users\Sebastian\Downloads\Antrag-Presseausweis-15.1048204.pdf 2015-11-10 14:33 - 2015-11-10 14:33 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016 (2).xls 2015-11-10 14:31 - 2015-11-10 14:31 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016.xls 2015-11-10 14:31 - 2015-11-10 14:31 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016 (1).xls 2015-11-09 19:26 - 2015-11-09 19:26 - 10096216 _____ (Google Inc.) C:\Users\Sebastian\Downloads\WidevineMediaOptimizerChrome (1).exe 2015-11-09 18:48 - 2015-11-09 18:48 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IDM 2015-11-09 18:48 - 2015-11-09 18:48 - 00000000 ____D C:\ProgramData\IDM 2015-11-09 18:47 - 2015-11-09 18:47 - 10096216 _____ (Google Inc.) C:\Users\Sebastian\Downloads\WidevineMediaOptimizerChrome.exe 2015-11-03 21:29 - 2015-11-03 21:29 - 00000000 ___DL C:\Users\Sebastian\AppData\LocalLow\PlayReady 2015-11-03 20:36 - 2015-11-03 20:36 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CEF 2015-11-03 19:40 - 2015-11-27 19:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-02 20:57 - 2014-03-28 18:04 - 00000000 __RDO C:\Users\Sebastian\SkyDrive 2015-12-02 20:52 - 2014-06-27 19:24 - 00000000 __SHD C:\Users\Sebastian\IntelGraphicsProfiles 2015-12-02 20:52 - 2013-11-19 11:23 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-02 20:49 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-02 20:49 - 2015-07-10 10:05 - 03932160 ___SH C:\WINDOWS\system32\config\BBI 2015-12-02 20:44 - 2015-08-04 20:27 - 00001164 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA.job 2015-12-02 20:41 - 2013-11-19 11:23 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-02 20:36 - 2013-11-19 16:28 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-02 20:36 - 2013-11-19 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-02 20:27 - 2013-11-23 18:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52BAE3CE-E0CD-4712-AE6A-27340BC859C5} 2015-12-01 22:22 - 2015-10-31 14:59 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-01 21:37 - 2015-07-31 00:24 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Deployment 2015-12-01 20:57 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-01 19:28 - 2015-07-29 22:08 - 00000000 ____D C:\Users\Sebastian 2015-12-01 19:27 - 2014-06-27 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-11-30 20:58 - 2014-09-15 13:15 - 00000000 ____D C:\ProgramData\Sony Mobile 2015-11-30 20:35 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-11-30 20:08 - 2014-01-22 20:54 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes 2015-11-30 19:59 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-11-29 15:17 - 2014-09-21 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-11-29 15:17 - 2013-07-03 13:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\ProgramData\Oracle 2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-29 14:51 - 2014-11-20 21:45 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-11-23 20:23 - 2015-06-11 17:40 - 00000000 ____D C:\Users\Sebastian\Documents\Elisa 2015-11-22 13:37 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-21 23:33 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-11-20 13:21 - 2015-07-29 22:34 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-20 13:21 - 2015-07-10 17:34 - 00772342 _____ C:\WINDOWS\system32\perfh007.dat 2015-11-20 13:21 - 2015-07-10 17:34 - 00154170 _____ C:\WINDOWS\system32\perfc007.dat 2015-11-19 22:54 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-16 12:04 - 2014-06-27 16:40 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-11-13 16:41 - 2013-11-25 22:03 - 00000000 ____D C:\Users\Sebastian\Documents\Job 2015-11-11 12:04 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-11 12:04 - 2013-11-19 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-11 11:22 - 2015-10-31 14:59 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\LocalLow\EmieUserList 2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\LocalLow\EmieSiteList 2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\Local\EmieUserList 2015-11-03 21:27 - 2014-06-03 20:26 - 00000000 __SHD C:\Users\Sebastian\AppData\Local\EmieSiteList 2015-11-03 20:35 - 2014-06-03 11:30 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Adobe 2015-11-03 19:41 - 2015-07-31 00:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-11-03 19:40 - 2014-05-24 01:28 - 00000000 ____D C:\ProgramData\Adobe 2015-11-03 19:40 - 2014-05-24 01:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-03 19:20 - 2015-10-04 18:01 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-03 19:20 - 2015-10-04 18:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-03 11:13 - 2015-07-29 23:01 - 00002413 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-02-02 23:12 - 2015-02-02 23:12 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe 2015-07-25 16:45 - 2015-07-25 16:45 - 0000132 _____ () C:\Users\Sebastian\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-07-11 13:12 - 2014-07-11 13:12 - 0007609 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg 2015-07-29 22:04 - 2015-07-29 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Sebastian\AppData\Local\Temp\jre-8u65-windows-au.exe C:\Users\Sebastian\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Sebastian\AppData\Local\Temp\proxy_vole4945012496934543345.dll C:\Users\Sebastian\AppData\Local\Temp\sqlite3.dll C:\Users\Sebastian\AppData\Local\Temp\ytb.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-28 20:57 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von Sebastian (2015-12-02 21:19:29)
Gestartet von C:\Users\Sebastian\Desktop
Windows 10 Home (X64) (2015-07-29 21:52:30)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1137542381-2127988082-735095979-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1137542381-2127988082-735095979-503 - Limited - Disabled)
Gast (S-1-5-21-1137542381-2127988082-735095979-501 - Limited - Disabled)
Sebastian (S-1-5-21-1137542381-2127988082-735095979-1001 - Administrator - Enabled) => C:\Users\Sebastian
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.2002 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2001 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2004.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2002 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 486539548.4759644.48.2147344384 - Audible, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre (HKLM-x32\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.107.06300 (HKLM-x32\...\{12CEF785-A93B-15F6-1604-79E51E920A06}) (Version: 2.12.107.06300 - Sony)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.0.2014.0 - BillP Studios)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
==================== Wiederherstellungspunkte =========================
16-11-2015 13:54:40 Windows Update
19-11-2015 23:12:41 Wiederherstellungsvorgang
25-11-2015 19:55:02 Removed Microsoft Silverlight
25-11-2015 19:57:13 Removed Bonjour
28-11-2015 22:17:50 Windows Update
02-12-2015 20:34:56 Windows Update
02-12-2015 20:56:03 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2015-05-30 22:12 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {050239EC-8061-4E36-99DB-05AC33ED6B74} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {12961FFE-54D0-41E5-BC08-48897D3A836F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {16D1098A-A8E1-4D46-82CC-E730C469FA18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {3CBA2C9B-C5BC-4F5B-BA98-CCA145CA91E8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6246029B-44B2-4BF1-9B36-9E4CC6B00739} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {6726422F-B0C6-4477-8DFF-58823636C76D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-12-06] (Acer Incorporated)
Task: {675C8EFE-4164-414E-870C-6DBA51E5045E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6E2A6D95-6070-4912-BE17-5EF3B32D9648} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {703D4BF8-023E-405A-96EB-1C7C784E071C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {719F5CCF-26AA-458F-B5D3-2CC48E95B950} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {72D20222-5DA7-4D33-8EFE-49D9A0F07E0E} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {84305704-F602-49C3-A7E2-493475BC5D1D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-08-11] (Microsoft Corporation)
Task: {88FC726F-3744-468A-8B40-BF858D4A06E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {99BA225D-5B57-4301-A543-170D52CB0F01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A40C7446-846C-4275-A192-8857F1D9FE32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B15B1300-AFC3-47FD-9C55-818E96A1D639} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B7ACEEB9-B854-4B7A-B2B2-18870C40C8D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {C02348C5-9990-45CB-B7E0-BD37582CB368} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {C18259EF-56A6-4257-9A5C-4DB31FB8BDC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C55D4163-FC3E-4E14-9DCB-A3917A807EC3} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C9A4AB39-5C6D-4F75-9380-297BF02BEA16} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {D8A6A533-E1E9-4CF4-BA49-9C93820EBF5A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DA52E2F0-8665-452A-A9AE-B3840B11DA98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DBD484D3-3F4B-480F-90D9-AD4C63CF9B8C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {DD15A4B5-F0EB-414A-B778-BD8454D37CE1} - System32\Tasks\{30535103-F6E1-4BFD-ACE7-6E9B0CE64FB2} => pcalua.exe -a C:\Users\Sebastian\Downloads\ID_CS2_GR_NonRet.exe -d C:\Users\Sebastian\Downloads
Task: {DF47DEFA-AEDB-4AF1-A6B1-480BCCAB4938} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {E2893CCF-B1FB-46D7-98E7-802A4DF2A031} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-02] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-29 22:52 - 2015-07-29 22:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 13:12 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 15:59 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 15:59 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-09 13:01 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-10-01 15:58 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 15:59 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 15:58 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 15:58 - 2015-09-17 06:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-01 15:58 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 15:59 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-29 22:52 - 2015-07-29 22:52 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-07-29 22:52 - 2015-07-29 22:52 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00074240 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.networking\bin\NodeRT_Windows_Networking.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-29 22:52 - 2015-07-29 22:52 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-07-29 22:52 - 2015-07-29 22:52 - 00124416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2015-10-01 15:58 - 2015-09-17 06:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-01 15:59 - 2015-09-17 06:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-01 15:58 - 2015-09-17 06:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-11-21 08:20 - 2015-11-21 08:20 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-11-21 08:20 - 2015-11-21 08:20 - 11526656 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 11:43 - 2015-11-20 11:43 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-11-26 20:11 - 2015-11-26 20:11 - 03494400 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-09-09 12:22 - 2013-02-18 06:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-09 13:01 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-02 20:24 - 2015-11-24 09:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-02 20:24 - 2015-11-24 09:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 5317 mehr Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\caspar-david-friedrich-der-monch-am-meer-der-monch-am-meer.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0214c"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "Sony PC Companion"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{08B0DADE-F5AF-4FEE-B222-9D1F9CA1674B}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{A7713674-9AE4-487E-8F3C-1A3F09616C34}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{258C9A66-D65B-4D04-A981-738F5CC9F89F}] => (Allow) LPort=1900
FirewallRules: [{0740175D-3B68-4615-B172-48C84D00FCA5}] => (Allow) LPort=2869
FirewallRules: [{57E6E213-6364-405E-9E81-76E51EF48813}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{92913F68-4B4C-4404-B861-516763E14686}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{A413FD5D-F951-4A8E-BB42-7B2AF6BBC4C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{09C5739E-59BB-4408-85F1-E26FF932A56D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{44F53036-DE68-4DE8-964C-C1FAFB6B2465}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{FE8C8649-AE5C-4207-A161-E3AEC91AF5C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A2A356C-2EBC-436E-A331-2E6CC873A535}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D852A01-39BB-420B-BEA9-0E5E38A192AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B295BAD-4ED5-4863-BA03-0EAC677C2828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{8B04EE6A-8393-4E5D-BBBE-D050B72ED6FC}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{BA4A3EC9-7077-4C58-8DAC-3CB249D8D053}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B7A69F55-1493-4218-A936-5CCA34D03996}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{37DC4800-C06B-4743-923C-94E0B77432F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9A344EC6-E90E-41DE-A4C9-1EB0959C6988}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{F70DB652-DC66-4D1E-8A40-1C45E3973E4B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{73B8392B-261E-494D-9551-AE844FEE4F2F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{CB1EFA0A-2F27-486E-B514-B141CA0988A6}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{E9EFEFF8-3840-458F-88C8-D027F205B63A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{81B8F512-CB08-43AA-BB94-05DBEA67730E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{AFB42729-9013-4D3A-B7A9-2AFD0F5860DA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{7C9F8659-8C4D-4737-B83A-B848581025AE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{E6ED67D8-0DBF-414B-8473-32D783B15C38}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{72707831-8D9D-41DE-BB1D-332DF3ACF85B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{A473CBE5-B1AA-4EA9-BA43-B6BFD64830F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{0BF695B0-12FC-47B4-AA1B-3144DF34F430}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{A5C31CF7-785E-47F3-92AC-35FF11F716BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{B7E3DC7D-72D9-4644-B799-EEB8E26BAA78}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{E2CC49C7-A7C1-4BE8-979B-F80A6E243718}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D8722001-B5A4-4715-A7D0-E688495CB149}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{881AE928-4763-4083-90D8-809C3C8D8F64}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{80EB33EF-6788-4B99-8DBA-6C998025484F}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E8126C62-560B-4A4D-A824-D4F52F11177C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{35767A33-008A-49A5-B0AB-897DA70412A3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{603BFC61-9037-4D31-99EC-4B01DE0D0869}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3F68929C-5858-4540-90DA-8557A4125B3B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E5B36476-F663-452B-83DD-69C40D709C8B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{BCAB0193-AE02-43A3-8A80-94FB94C64FAC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{79D3AD6A-BD2F-46A7-A415-BA8CB006A79C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{1CCC6D7A-2B94-4BFE-877B-69CED4127195}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BAA03EBE-447E-4C44-A694-8F8A9434B341}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{400948F9-77AF-4AAA-B863-C5A77C749149}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B75B4F8A-948A-4379-9BB8-BA3A17855C10}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CC1F09E0-432C-4C9C-B2F8-46B22B9E9CF9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9C900CF0-FBB9-4507-8D69-0C1C989BE6B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{20C7BE15-1AF4-4E89-B7B7-A671C706224C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2214EC07-082B-4563-A108-C9CA3F42BB84}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{8BB7153F-9B33-4239-B396-1C0840D6D2D2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{4A960E85-0FFE-4B7B-887F-F2D2ADFBA016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{09C1FB59-BC6D-4EC8-BD97-15E42EF2078E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{1727CECE-4023-4B8F-9CED-F0D56419FD52}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3D209863-22AA-40E8-BEDD-C88E388F4477}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{1CD6182F-78CC-45F8-8259-2884DEBCDBF6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{D5833126-7A6E-4319-8316-CDFBE0621595}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46112966-A5C5-4386-9C6A-135C03D9908E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E578D48A-2C74-48D1-A615-736FDC4AA123}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F9A82A7C-E546-4DAF-A537-34A2BE64409A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/02/2015 08:56:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (12/02/2015 08:35:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (12/01/2015 08:09:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CHEMICALWORLD)
Description: Das Paket „Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (11/30/2015 09:01:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHEMICALWORLD)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/30/2015 08:58:02 PM) (Source: YSearchUtilSvc) (EventID: 0) (User: )
Description: YSearchUtilSvc error: Der Vorgang wurde erfolgreich beendet. (0x0)Could not open service (1060)
Error: (11/29/2015 08:53:43 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:43 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (11/29/2015 08:53:33 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (11/29/2015 08:53:33 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1240) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (11/29/2015 08:53:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1240) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Systemfehler:
=============
Error: (12/02/2015 08:53:43 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/02/2015 08:53:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/02/2015 08:53:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/02/2015 08:50:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/02/2015 08:48:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/02/2015 08:48:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/02/2015 08:48:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/02/2015 08:48:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/02/2015 08:47:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (12/02/2015 08:47:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706be fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1, 10 und Windows Server 2012, 2012 R2 x64 Edition - November 2015 (KB890830)
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU 2127U @ 1.90GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 3971.27 MB
Verfügbarer physikalischer RAM: 1814.08 MB
Summe virtueller Speicher: 4739.27 MB
Verfügbarer virtueller Speicher: 2386.8 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:228.63 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 29EE9349)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
03.12.2015, 15:50
| #7 |
| /// the machine /// TB-Ausbilder | Laptop mit Windows 10 hängtESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2015, 00:50
| #8 |
| | Laptop mit Windows 10 hängt Leider gibts ein Problem: Habe Eset laufen lassen, das hat sechs Trojaner gefunden. Leider gabs nach dem Suchlauf wohl ein Windows-Systemupdate. Als ich eben wieder an meinen Laptop wollte, musste ich ihn neu starten und es kamen dann diese üblichen Windows Startmeldungen, wie als wenn man einen Laptop neu einrichtet. Ging dann alles automatisch, Windows ist hochgefahren, nur sind jetzt die Symbole auf meiner Taskleiste weg, bzw nicht mehr sichtbar. Kann auch nichts neues drauf ziehen. Und wenn ich Chrome beispielsweise minimiere, ist das Fenster danach paraktisch weg, weil ichs über die scheinbar leere Taskleiste nicht mehr öffnen kann. Habe dann jetzt trotzdem irgendwie die noch die anderen Scans ausführen können. Hier die Logfiles: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=73713ffbed0f744c8326d814b714ca2a
# end=init
# utc_time=2015-12-03 10:23:39
# local_time=2015-12-03 11:23:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27032
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=73713ffbed0f744c8326d814b714ca2a
# end=updated
# utc_time=2015-12-03 10:31:49
# local_time=2015-12-03 11:31:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=73713ffbed0f744c8326d814b714ca2a
# end=restart
# utc_time=2015-12-04 08:00:07
# local_time=2015-12-04 09:00:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 100 4055119 235411981 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12669932 22089473 0 0
# scanned=133801
# found=7
# cleaned=0
# scan_time=34098
sh=84320EE6A5C04D503A70AB990B13605213C90E28 ft=1 fh=cb7326537a6c95aa vn="Variante von Android/Exploit.Lotoor.EW Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1137542381-2127988082-735095979-1001\$RHS7BOR.exe"
sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1137542381-2127988082-735095979-1001\$RO38NMW.apk"
sh=C01917EA39FB01AA4C6BFF5E181C1E8D69DC8815 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1137542381-2127988082-735095979-1001\$RA3G7OZ\files\libexploit.so"
sh=C01917EA39FB01AA4C6BFF5E181C1E8D69DC8815 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1137542381-2127988082-735095979-1001\$RHVFB6B\libexploit.so"
sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1137542381-2127988082-735095979-1001\$RHVFB6B\towelroot_v3.apk"
sh=16E2E4E68F197DF16CBB4A3C15337F000573B115 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.EW Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1137542381-2127988082-735095979-1001\$RUX4NFQ\custom\root\run_root_shell\run_root_shell"
sh=90A440A11B158CACC211196FF49670F6F38EB760 ft=1 fh=8b2ddc3358c7903c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.013 --- 11/28/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Panda Free Antivirus Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 66 Adobe Flash Player 19.0.0.245 Mozilla Firefox 41.0.2 Firefox out of Date! Google Chrome (46.0.2490.86) Google Chrome (47.0.2526.73) Google Chrome (Plugins...) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von Sebastian (Administrator) auf CHEMICALWORLD (05-12-2015 00:31:45) Gestartet von C:\Users\Sebastian\Desktop Geladene Profile: Sebastian (Verfügbare Profile: Sebastian) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\nacl64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Sebastian\Desktop\FRST64 (2).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-07-29] (Synaptics Incorporated) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-24] (BillP Studios) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\Run: [Google Update] => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc.) HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sebastian\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-08-17] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{1724859f-46f9-4f12-a3e2-cf0bb1297a22}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.skygo.sky.de/sport/live-planer/alle/liveplanner/sportsection/123.html HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> DefaultScope {A63E47FD-E6C3-49DE-BFAB-C9F5B99EFED5} URL = SearchScopes: HKU\S-1-5-21-1137542381-2127988082-735095979-1001 -> {B06F9FF8-F6EF-42B8-B6CC-85BB1240B0B1} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904 FF Homepage: hxxps://de.yahoo.com/?type=orcl_hpset FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin HKU\S-1-5-21-1137542381-2127988082-735095979-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC) FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\searchplugins\yahoo-ysp.xml [2015-11-29] FF Extension: New Tab by Yahoo - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\c0ri7imr.default-1445468894904\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [ist nicht signiert] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Google Cast) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-21] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25] CHR Extension: (Cloud Internet Explorer by IE-On-Chrome) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\enbepfpjlejecgbmaijolhgjmpkiimcd [2015-11-10] CHR Extension: (Google Play Musik) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-03] CHR Extension: (Google Docs Offline) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Store) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07] CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sebastian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-25] CHR HKU\S-1-5-21-1137542381-2127988082-735095979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden> ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-12] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-29] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-05] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.) S1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-29] (Synaptics Incorporated) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert] S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-05 00:31 - 2015-12-05 00:31 - 02350080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64 (2).exe 2015-12-05 00:31 - 2015-12-05 00:31 - 02350080 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64 (2).exe 2015-12-05 00:29 - 2015-12-05 00:29 - 00852771 _____ C:\Users\Sebastian\Desktop\SecurityCheck.exe 2015-12-05 00:28 - 2015-12-05 00:28 - 00852771 _____ C:\Users\Sebastian\Downloads\SecurityCheck.exe 2015-12-05 00:25 - 2015-12-05 00:26 - 00001863 _____ C:\Users\Sebastian\Desktop\chrome.exe - Verknüpfung.lnk 2015-12-04 23:44 - 2015-12-04 23:44 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ActiveSync 2015-12-04 23:41 - 2015-12-04 23:41 - 00000020 ___SH C:\Users\Sebastian\ntuser.ini 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Vorlagen 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-12-04 10:17 - 2015-12-04 10:17 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-12-04 10:05 - 2015-12-04 10:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2015-12-04 09:52 - 2015-12-04 09:52 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-04 09:43 - 2015-12-04 09:56 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-12-04 09:40 - 2015-12-04 23:58 - 00000000 ____D C:\Users\Sebastian 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Vorlagen 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Startmenü 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Netzwerkumgebung 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Lokale Einstellungen 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Eigene Dateien 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Druckumgebung 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Documents\Eigene Videos 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Documents\Eigene Musik 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Documents\Eigene Bilder 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\AppData\Local\Verlauf 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\AppData\Local\Anwendungsdaten 2015-12-04 09:40 - 2015-12-04 09:40 - 00000000 _SHDL C:\Users\Sebastian\Anwendungsdaten 2015-12-04 09:37 - 2015-12-04 09:37 - 00646947 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip 2015-12-04 09:37 - 2015-12-04 09:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2015-12-04 09:37 - 2015-12-04 09:37 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2015-12-04 09:37 - 2015-12-04 09:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-12-04 09:37 - 2015-12-04 09:37 - 00000000 ____D C:\Program Files\Realtek 2015-12-04 09:37 - 2015-12-04 09:37 - 00000000 ____D C:\Program Files\Common Files\Atheros 2015-12-04 09:36 - 2015-12-04 09:44 - 00000000 ____D C:\Program Files\Intel 2015-12-04 09:36 - 2015-12-04 09:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-12-04 09:36 - 2015-12-04 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-12-04 09:36 - 2015-12-04 09:36 - 00000000 ____D C:\Program Files\Synaptics 2015-12-04 09:36 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-12-04 09:36 - 2015-10-12 10:42 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-12-04 09:36 - 2015-10-12 10:42 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2015-12-04 09:32 - 2015-12-04 09:57 - 04825648 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-04 09:31 - 2015-12-04 23:44 - 00000000 ___DC C:\WINDOWS\Panther 2015-12-04 09:26 - 2015-12-04 09:26 - 00000000 ____D C:\Windows.old 2015-12-04 09:25 - 2015-12-04 09:25 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 13380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2015-12-04 09:25 - 2015-12-04 09:25 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2015-12-04 09:25 - 2015-12-04 09:25 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-12-04 09:25 - 2015-12-04 09:25 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-04 09:25 - 2015-12-04 09:25 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2015-12-04 09:25 - 2015-12-04 09:25 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2015-12-04 09:25 - 2015-12-04 09:25 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 2015-12-04 09:25 - 2015-12-04 09:25 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 2015-12-04 09:25 - 2015-12-04 09:25 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2015-12-04 09:25 - 2015-12-04 09:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-12-04 09:22 - 2015-12-04 09:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-12-04 09:19 - 2015-12-04 09:19 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-12-04 09:19 - 2015-12-04 09:19 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-04 09:19 - 2015-12-04 09:19 - 00000000 ____D C:\Program Files\MSBuild 2015-12-04 09:19 - 2015-12-04 09:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-12-04 09:19 - 2015-12-04 09:19 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-04 09:18 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-04 09:18 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-04 09:18 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-04 09:18 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-04 09:18 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-04 09:18 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-12-03 23:22 - 2015-12-03 23:22 - 00000000 ____D C:\Program Files (x86)\ESET 2015-12-03 23:20 - 2015-12-03 23:22 - 02870984 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe 2015-12-02 21:19 - 2015-12-02 21:22 - 00049109 _____ C:\Users\Sebastian\Desktop\Addition.txt 2015-12-02 21:17 - 2015-12-05 00:32 - 00025760 _____ C:\Users\Sebastian\Desktop\FRST.txt 2015-12-02 21:16 - 2015-12-02 21:17 - 02350080 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64 (1).exe 2015-12-02 21:16 - 2015-12-02 21:16 - 02350080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64 (1).exe 2015-12-02 21:04 - 2015-12-02 21:04 - 00000943 _____ C:\Users\Sebastian\Desktop\JRT.txt 2015-12-02 20:55 - 2015-12-02 20:55 - 01599336 _____ (Malwarebytes) C:\Users\Sebastian\Downloads\JRT.exe 2015-12-02 20:55 - 2015-12-02 20:55 - 01599336 _____ (Malwarebytes) C:\Users\Sebastian\Desktop\JRT.exe 2015-12-02 20:36 - 2015-12-02 20:46 - 00000000 ____D C:\96510fbd0fbef193b6d646e675c482 2015-12-02 20:30 - 2015-12-02 20:46 - 00000000 ____D C:\AdwCleaner 2015-12-02 20:28 - 2015-12-02 20:28 - 01736704 _____ C:\Users\Sebastian\Downloads\AdwCleaner_5.023.exe 2015-12-02 20:28 - 2015-12-02 20:28 - 01736704 _____ C:\Users\Sebastian\Desktop\AdwCleaner_5.023.exe 2015-12-01 20:36 - 2015-12-01 20:55 - 00272372 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_20.36.34_log.txt 2015-12-01 20:36 - 2015-12-01 20:36 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Desktop\tdsskiller.exe 2015-12-01 20:34 - 2015-12-01 20:34 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Downloads\tdsskiller.exe 2015-12-01 19:37 - 2015-12-01 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-12-01 19:34 - 2015-12-01 20:33 - 00000000 ____D C:\Users\Sebastian\Desktop\mbar 2015-12-01 19:33 - 2015-12-01 19:34 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sebastian\Downloads\mbar-1.09.3.1001.exe 2015-11-30 20:30 - 2015-11-30 20:36 - 00059396 _____ C:\Users\Sebastian\Downloads\Addition.txt 2015-11-30 20:28 - 2015-12-05 00:31 - 00000000 ____D C:\FRST 2015-11-30 20:28 - 2015-11-30 20:36 - 00057544 _____ C:\Users\Sebastian\Downloads\FRST.txt 2015-11-30 20:14 - 2015-11-30 20:24 - 02350080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2015-11-30 20:08 - 2015-12-05 00:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-30 20:08 - 2015-12-01 19:34 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-30 20:08 - 2015-11-30 20:08 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-30 20:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-11-30 20:07 - 2015-11-30 20:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-11-30 20:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-11-20 14:49 - 2015-11-20 14:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-11-20 14:07 - 2015-12-04 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2015-11-20 05:13 - 2015-11-20 05:13 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Android 2015-11-19 22:32 - 2015-11-19 22:32 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Mega Limited 2015-11-16 12:04 - 2015-12-04 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files\iTunes 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files\iPod 2015-11-16 12:04 - 2015-11-16 12:04 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-11-13 15:16 - 2015-11-13 15:16 - 00561697 _____ C:\Users\Sebastian\Downloads\Mitgliedsantrag interaktiv.pdf 2015-11-13 15:16 - 2015-11-13 15:16 - 00037488 _____ C:\Users\Sebastian\Downloads\Mitgliedsantrag_Merkblatt_11-2014.pdf 2015-11-13 15:16 - 2015-11-13 15:16 - 00032378 _____ C:\Users\Sebastian\Downloads\Beitragseinzugsermächtigung.pdf 2015-11-10 14:41 - 2015-11-10 14:41 - 00005378 _____ C:\Users\Sebastian\Downloads\Antrag-Presseausweis-15.1048204.pdf 2015-11-10 14:33 - 2015-11-10 14:33 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016 (2).xls 2015-11-10 14:31 - 2015-11-10 14:31 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016.xls 2015-11-10 14:31 - 2015-11-10 14:31 - 00035840 _____ C:\Users\Sebastian\Downloads\Formular Passierscheinausgabe 2016 (1).xls 2015-11-09 19:26 - 2015-11-09 19:26 - 10096216 _____ (Google Inc.) C:\Users\Sebastian\Downloads\WidevineMediaOptimizerChrome (1).exe 2015-11-09 18:48 - 2015-11-09 18:48 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IDM 2015-11-09 18:48 - 2015-11-09 18:48 - 00000000 ____D C:\ProgramData\IDM 2015-11-09 18:47 - 2015-11-09 18:47 - 10096216 _____ (Google Inc.) C:\Users\Sebastian\Downloads\WidevineMediaOptimizerChrome.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-05 00:22 - 2015-10-31 14:59 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-05 00:00 - 2013-11-23 18:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52BAE3CE-E0CD-4712-AE6A-27340BC859C5} 2015-12-04 23:50 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-04 23:45 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog 2015-12-04 23:45 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-12-04 23:45 - 2013-11-19 10:39 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Packages 2015-12-04 23:44 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-12-04 23:44 - 2013-11-19 11:23 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-04 23:43 - 2014-06-27 19:24 - 00000000 __SHD C:\Users\Sebastian\IntelGraphicsProfiles 2015-12-04 23:43 - 2013-11-19 16:23 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-04 23:42 - 2014-06-27 22:32 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-12-04 10:41 - 2015-08-04 20:27 - 00001164 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA.job 2015-12-04 10:39 - 2013-11-19 11:23 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-04 10:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2015-12-04 10:18 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2015-12-04 10:17 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT 2015-12-04 10:16 - 2013-11-19 21:14 - 00043818 _____ C:\WINDOWS\diagwrn.xml 2015-12-04 10:16 - 2013-11-19 21:14 - 00043818 _____ C:\WINDOWS\diagerr.xml 2015-12-04 10:13 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-12-04 10:13 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration 2015-12-04 10:05 - 2015-10-31 14:59 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-04 10:05 - 2015-10-30 19:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-04 10:05 - 2015-10-30 19:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-04 10:05 - 2015-10-17 13:38 - 00002588 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2015-12-04 10:05 - 2015-08-04 20:27 - 00003928 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA 2015-12-04 10:05 - 2015-08-04 20:27 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core 2015-12-04 10:05 - 2015-07-31 00:36 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-12-04 10:05 - 2015-07-29 22:34 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-04 10:05 - 2014-05-24 01:39 - 00002094 _____ C:\WINDOWS\System32\Tasks\{30535103-F6E1-4BFD-ACE7-6E9B0CE64FB2} 2015-12-04 10:05 - 2014-02-16 17:28 - 00002592 _____ C:\WINDOWS\System32\Tasks\AcerCloud 2015-12-04 10:05 - 2013-11-19 21:27 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-12-04 10:05 - 2013-11-19 11:23 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-04 10:05 - 2013-11-19 11:23 - 00003434 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-04 10:05 - 2013-11-19 10:53 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1137542381-2127988082-735095979-1001 2015-12-04 10:05 - 2013-09-09 12:53 - 00002248 _____ C:\WINDOWS\System32\Tasks\Power Management 2015-12-04 10:05 - 2013-09-09 12:36 - 00001848 _____ C:\WINDOWS\System32\Tasks\Dolby Selector 2015-12-04 10:05 - 2013-09-09 12:25 - 00002876 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1137542381-2127988082-735095979-500 2015-12-04 10:05 - 2013-07-03 13:14 - 00003752 _____ C:\WINDOWS\System32\Tasks\ALUAgent 2015-12-04 10:05 - 2013-07-03 13:14 - 00002778 _____ C:\WINDOWS\System32\Tasks\ALU 2015-12-04 10:05 - 2013-07-03 13:14 - 00002238 _____ C:\WINDOWS\System32\Tasks\Launch Manager 2015-12-04 10:04 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-04 10:04 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-04 09:56 - 2015-10-30 19:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-12-04 09:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help 2015-12-04 09:56 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-12-04 09:56 - 2015-10-30 07:28 - 04980736 ___SH C:\WINDOWS\system32\config\BBI 2015-12-04 09:56 - 2015-10-30 07:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM 2015-12-04 09:56 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2015-12-04 09:56 - 2015-09-30 10:42 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast 2015-12-04 09:56 - 2015-04-08 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus 2015-12-04 09:56 - 2015-04-01 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-12-04 09:56 - 2015-03-31 20:30 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-04 09:56 - 2015-03-31 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-04 09:56 - 2014-11-20 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-04 09:56 - 2014-11-04 14:35 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps 2015-12-04 09:56 - 2014-10-24 18:20 - 00000000 ____D C:\WINDOWS\de 2015-12-04 09:56 - 2014-09-10 14:14 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2015-12-04 09:56 - 2014-08-22 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2015-12-04 09:56 - 2014-06-28 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-12-04 09:56 - 2014-06-27 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-12-04 09:56 - 2014-06-19 10:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-12-04 09:56 - 2014-06-19 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2015-12-04 09:56 - 2014-06-19 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5 2015-12-04 09:56 - 2014-04-01 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager 2015-12-04 09:56 - 2014-02-09 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2015-12-04 09:56 - 2013-11-19 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-12-04 09:56 - 2013-11-19 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-12-04 09:56 - 2013-07-03 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2015-12-04 09:56 - 2013-07-03 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-12-04 09:53 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated 2015-12-04 09:48 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep 2015-12-04 09:48 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2015-12-04 09:48 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2015-12-04 09:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-12-04 09:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool 2015-12-04 09:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-04 09:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-04 09:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-12-04 09:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME 2015-12-04 09:47 - 2013-11-19 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-04 09:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-12-04 09:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-12-04 09:45 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\DigitalLocker 2015-12-04 09:45 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-12-04 09:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-04 09:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod 2015-12-04 09:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-12-04 09:44 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate 2015-12-04 09:44 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-12-04 09:44 - 2014-09-21 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-12-04 09:44 - 2014-08-22 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT 2015-12-04 09:44 - 2013-09-09 12:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-12-04 09:44 - 2013-07-03 13:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-12-04 09:39 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-12-04 09:32 - 2015-10-30 19:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2015-12-04 09:31 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-12-04 09:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-12-04 09:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-12-04 09:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning 2015-12-04 09:26 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-04 09:26 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-12-04 09:26 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-12-04 09:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-12-04 09:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-12-04 09:01 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-04 09:00 - 2014-03-28 18:04 - 00000000 __RDO C:\Users\Sebastian\SkyDrive 2015-12-02 20:36 - 2013-11-19 16:28 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-30 20:58 - 2014-09-15 13:15 - 00000000 ____D C:\ProgramData\Sony Mobile 2015-11-30 20:08 - 2014-01-22 20:54 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes 2015-11-29 15:17 - 2013-07-03 13:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\ProgramData\Oracle 2015-11-29 14:52 - 2014-11-20 21:44 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-29 14:51 - 2014-11-20 21:45 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-11-27 19:55 - 2015-11-03 19:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-23 20:23 - 2015-06-11 17:40 - 00000000 ____D C:\Users\Sebastian\Documents\Elisa 2015-11-16 12:04 - 2014-06-27 16:40 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-11-13 16:41 - 2013-11-25 22:03 - 00000000 ____D C:\Users\Sebastian\Documents\Job 2015-11-11 12:04 - 2013-11-19 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-02-02 23:12 - 2015-02-02 23:12 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe 2015-07-25 16:45 - 2015-07-25 16:45 - 0000132 _____ () C:\Users\Sebastian\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-07-11 13:12 - 2014-07-11 13:12 - 0007609 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg 2015-12-04 09:37 - 2015-12-04 09:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-04 09:31 ==================== Ende von FRST.txt ============================ |
|
05.12.2015, 01:01
| #9 |
| | Laptop mit Windows 10 hängt Und hier noch die Addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von Sebastian (2015-12-05 00:33:25)
Gestartet von C:\Users\Sebastian\Desktop
Windows 10 Home (X64) (2015-12-04 09:18:02)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1137542381-2127988082-735095979-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1137542381-2127988082-735095979-503 - Limited - Disabled)
Gast (S-1-5-21-1137542381-2127988082-735095979-501 - Limited - Disabled)
Sebastian (S-1-5-21-1137542381-2127988082-735095979-1001 - Administrator - Enabled) => C:\Users\Sebastian
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.2002 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2001 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2004.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2002 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 486539548.4759644.48.2147344384 - Audible, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre (HKLM-x32\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.107.06300 (HKLM-x32\...\{12CEF785-A93B-15F6-1604-79E51E920A06}) (Version: 2.12.107.06300 - Sony)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.0.2014.0 - BillP Studios)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1137542381-2127988082-735095979-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => Keine Datei
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2015-05-30 22:12 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {050239EC-8061-4E36-99DB-05AC33ED6B74} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {12961FFE-54D0-41E5-BC08-48897D3A836F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {16D1098A-A8E1-4D46-82CC-E730C469FA18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {36FE77A1-8764-49C4-9764-896F9C947EA8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-02] (Microsoft Corporation)
Task: {3CBA2C9B-C5BC-4F5B-BA98-CCA145CA91E8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6246029B-44B2-4BF1-9B36-9E4CC6B00739} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {6726422F-B0C6-4477-8DFF-58823636C76D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-12-06] (Acer Incorporated)
Task: {675C8EFE-4164-414E-870C-6DBA51E5045E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6E2A6D95-6070-4912-BE17-5EF3B32D9648} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {703D4BF8-023E-405A-96EB-1C7C784E071C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {719F5CCF-26AA-458F-B5D3-2CC48E95B950} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {72D20222-5DA7-4D33-8EFE-49D9A0F07E0E} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {84305704-F602-49C3-A7E2-493475BC5D1D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-10-30] (Microsoft Corporation)
Task: {88FC726F-3744-468A-8B40-BF858D4A06E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {99BA225D-5B57-4301-A543-170D52CB0F01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A40C7446-846C-4275-A192-8857F1D9FE32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B15B1300-AFC3-47FD-9C55-818E96A1D639} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B7ACEEB9-B854-4B7A-B2B2-18870C40C8D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {C02348C5-9990-45CB-B7E0-BD37582CB368} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {C18259EF-56A6-4257-9A5C-4DB31FB8BDC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C55D4163-FC3E-4E14-9DCB-A3917A807EC3} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C9A4AB39-5C6D-4F75-9380-297BF02BEA16} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {D8A6A533-E1E9-4CF4-BA49-9C93820EBF5A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DA52E2F0-8665-452A-A9AE-B3840B11DA98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DBD484D3-3F4B-480F-90D9-AD4C63CF9B8C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {DD15A4B5-F0EB-414A-B778-BD8454D37CE1} - System32\Tasks\{30535103-F6E1-4BFD-ACE7-6E9B0CE64FB2} => pcalua.exe -a C:\Users\Sebastian\Downloads\ID_CS2_GR_NonRet.exe -d C:\Users\Sebastian\Downloads
Task: {DF47DEFA-AEDB-4AF1-A6B1-480BCCAB4938} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001Core.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1137542381-2127988082-735095979-1001UA.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-04 09:25 - 2015-12-04 09:25 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-09-09 12:22 - 2013-02-18 06:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-09 13:01 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-02 20:24 - 2015-11-24 09:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-02 20:24 - 2015-11-24 09:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 5317 mehr Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\caspar-david-friedrich-der-monch-am-meer-der-monch-am-meer.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0214c"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1137542381-2127988082-735095979-1001\...\StartupApproved\Run: => "Sony PC Companion"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F9A82A7C-E546-4DAF-A537-34A2BE64409A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E578D48A-2C74-48D1-A615-736FDC4AA123}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{46112966-A5C5-4386-9C6A-135C03D9908E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5833126-7A6E-4319-8316-CDFBE0621595}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CD6182F-78CC-45F8-8259-2884DEBCDBF6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{3D209863-22AA-40E8-BEDD-C88E388F4477}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{1727CECE-4023-4B8F-9CED-F0D56419FD52}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{09C1FB59-BC6D-4EC8-BD97-15E42EF2078E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{4A960E85-0FFE-4B7B-887F-F2D2ADFBA016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8BB7153F-9B33-4239-B396-1C0840D6D2D2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{2214EC07-082B-4563-A108-C9CA3F42BB84}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{20C7BE15-1AF4-4E89-B7B7-A671C706224C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9C900CF0-FBB9-4507-8D69-0C1C989BE6B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CC1F09E0-432C-4C9C-B2F8-46B22B9E9CF9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B75B4F8A-948A-4379-9BB8-BA3A17855C10}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{400948F9-77AF-4AAA-B863-C5A77C749149}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{BAA03EBE-447E-4C44-A694-8F8A9434B341}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{1CCC6D7A-2B94-4BFE-877B-69CED4127195}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{79D3AD6A-BD2F-46A7-A415-BA8CB006A79C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BCAB0193-AE02-43A3-8A80-94FB94C64FAC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{E5B36476-F663-452B-83DD-69C40D709C8B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{3F68929C-5858-4540-90DA-8557A4125B3B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{603BFC61-9037-4D31-99EC-4B01DE0D0869}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{35767A33-008A-49A5-B0AB-897DA70412A3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E8126C62-560B-4A4D-A824-D4F52F11177C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{80EB33EF-6788-4B99-8DBA-6C998025484F}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{881AE928-4763-4083-90D8-809C3C8D8F64}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D8722001-B5A4-4715-A7D0-E688495CB149}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{E2CC49C7-A7C1-4BE8-979B-F80A6E243718}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{B7E3DC7D-72D9-4644-B799-EEB8E26BAA78}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{A5C31CF7-785E-47F3-92AC-35FF11F716BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{0BF695B0-12FC-47B4-AA1B-3144DF34F430}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{A473CBE5-B1AA-4EA9-BA43-B6BFD64830F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{72707831-8D9D-41DE-BB1D-332DF3ACF85B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{E6ED67D8-0DBF-414B-8473-32D783B15C38}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{7C9F8659-8C4D-4737-B83A-B848581025AE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{AFB42729-9013-4D3A-B7A9-2AFD0F5860DA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{81B8F512-CB08-43AA-BB94-05DBEA67730E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{E9EFEFF8-3840-458F-88C8-D027F205B63A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{CB1EFA0A-2F27-486E-B514-B141CA0988A6}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{73B8392B-261E-494D-9551-AE844FEE4F2F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{F70DB652-DC66-4D1E-8A40-1C45E3973E4B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{9A344EC6-E90E-41DE-A4C9-1EB0959C6988}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{37DC4800-C06B-4743-923C-94E0B77432F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B7A69F55-1493-4218-A936-5CCA34D03996}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{BA4A3EC9-7077-4C58-8DAC-3CB249D8D053}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8B04EE6A-8393-4E5D-BBBE-D050B72ED6FC}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7B295BAD-4ED5-4863-BA03-0EAC677C2828}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D852A01-39BB-420B-BEA9-0E5E38A192AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A2A356C-2EBC-436E-A331-2E6CC873A535}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE8C8649-AE5C-4207-A161-E3AEC91AF5C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44F53036-DE68-4DE8-964C-C1FAFB6B2465}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{09C5739E-59BB-4408-85F1-E26FF932A56D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{A413FD5D-F951-4A8E-BB42-7B2AF6BBC4C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{92913F68-4B4C-4404-B861-516763E14686}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{57E6E213-6364-405E-9E81-76E51EF48813}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0740175D-3B68-4615-B172-48C84D00FCA5}] => (Allow) LPort=2869
FirewallRules: [{258C9A66-D65B-4D04-A981-738F5CC9F89F}] => (Allow) LPort=1900
FirewallRules: [{A7713674-9AE4-487E-8F3C-1A3F09616C34}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{08B0DADE-F5AF-4FEE-B222-9D1F9CA1674B}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/05/2015 00:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (12/05/2015 00:00:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CHEMICALWORLD)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (12/04/2015 11:57:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.3010.0, Zeitstempel: 0x513fcd49
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632d1de
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x1244
Startzeit der fehlerhaften Anwendung: 0xupdater.exe0
Pfad der fehlerhaften Anwendung: updater.exe1
Pfad des fehlerhaften Moduls: updater.exe2
Berichtskennung: updater.exe3
Vollständiger Name des fehlerhaften Pakets: updater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: updater.exe5
Error: (12/04/2015 11:57:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
bei System.Xml.XmlDocument.Load(System.String)
bei updater.Report.AddFPToResult(updater.Result)
bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
bei updater.DownloadMgr.DownloadFile(System.String, System.String)
bei updater.DownloadMgr.Worker(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
Error: (12/04/2015 10:05:40 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
Error: (12/04/2015 10:00:07 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
Error: (12/04/2015 10:00:06 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: 0x8007085A
Error: (12/04/2015 10:00:04 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
Systemfehler:
=============
Error: (12/04/2015 11:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/04/2015 11:42:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error: (12/04/2015 11:03:07 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (12/04/2015 10:17:12 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/04/2015 10:16:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/04/2015 10:16:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Defender-Dienst erreicht.
Error: (12/04/2015 10:15:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/04/2015 10:15:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/04/2015 10:15:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/04/2015 10:13:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
CodeIntegrity:
===================================
Date: 2015-12-04 10:05:02.637
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-04 10:01:48.065
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-04 09:34:10.161
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU 2127U @ 1.90GHz
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 3971.27 MB
Verfügbarer physikalischer RAM: 1953.13 MB
Summe virtueller Speicher: 5379.27 MB
Verfügbarer virtueller Speicher: 3105.05 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:223.8 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 29EE9349)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
05.12.2015, 22:21
| #10 |
| /// the machine /// TB-Ausbilder | Laptop mit Windows 10 hängt Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$Recycle.Bin
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Sonst noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.12.2015, 00:54
| #11 |
| | Laptop mit Windows 10 hängt Mir fällt nach ein bisschen rumprobieren nichts auf, schein ok zu laufen. Sind die von ESET gefundenen Trojaner jetzt weg? Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von Sebastian (2015-12-08 23:12:37) Run:1
Gestartet von C:\Users\Sebastian\Desktop
Geladene Profile: Sebastian & (Verfügbare Profile: Sebastian)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\$Recycle.Bin
Emptytemp:
*****************
C:\$Recycle.Bin => erfolgreich verschoben
EmptyTemp: => 1.2 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 23:16:24 ====
|
|
10.12.2015, 13:48
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop mit Windows 10 hängt Ich spring für schrauber ein. Die Funde mit ESET hat schrauber über FRST weggefixt. Da ist noch ein Fund in Panda wegen einer Toolbar gewesen. Wir empfehlen MSE oder Emsisoft zur verwenden.http://www.trojaner-board.de/166031-...-produkte.html Was ist an Problemen noch offen? Zitat:
Firefox muss umgehend aktualisiert werden.
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
10.12.2015, 19:46
| #13 |
| | Laptop mit Windows 10 hängt Danke. Firefox nutze ich eigentlich nie - dann am besten deinstallieren oder behalten und updaten? Java habe ich nach dieser https://www.java.com/de/download/help/uninstall_java.xml Anleitung deinstalliert. |
|
10.12.2015, 23:46
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop mit Windows 10 hängt Windows-Grundregel: Ungenutzte Software sollte man immer deinstallieren. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
11.12.2015, 15:56
| #15 |
| | Laptop mit Windows 10 hängt OK, habs deinstaliert. Nein, aktuell keine Probleme und habe nochmal MBAM durchlaufen lassen, das findet nichts. |
|
| Themen zu Laptop mit Windows 10 hängt |
| antivirus, desktop, device driver, dnsapi.dll, downloader, firefox, flash player, google, home, homepage, hängt, installation, langsam, launch, maus, mozilla, npdicihegicnhaangkdmcgbjceoemeoo, onedrive, problem, proxy, realtek, registry, scan, security, software, svchost.exe, symantec, windows, wlan, xperia, zeitlupe, zugriff verweigert |
