Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows reagiert oft nicht. Fund durch Avira

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.04.2016, 14:51   #1
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Moin,

da mein Laptop (zwar betagt, aber durchaus nützlich) beim zocken, aber auch beim surfen, oft nicht mehr reagiert, habe ich Avira drüber laufen lassen und die Funde in Quarantäne geschoben.

Trotzdem reagiert der Laptop oft nicht und ich möchte gerne wieder ein sauberes System haben.

Leider reagiert Avira aktuell nicht, sonst hätte ich gerne die Funde gepostet.
Ich hoffe hier (mal wieder) auf Hilfe.

Vielen Dank

Alt 23.04.2016, 20:57   #2
M-K-D-B
/// TB-Ausbilder
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 23.04.2016, 21:14   #3
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Hi Matthias,
danke für die Hilfe.


Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-23 22:05:01)
Gestartet von C:\Users\Staples\Desktop
Windows 10 Home (X64) (2015-08-02 01:20:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1502668225-1892257724-3303000117-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1502668225-1892257724-3303000117-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1502668225-1892257724-3303000117-503 - Limited - Disabled)
Gast (S-1-5-21-1502668225-1892257724-3303000117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502668225-1892257724-3303000117-1002 - Limited - Enabled)
Staples (S-1-5-21-1502668225-1892257724-3303000117-1000 - Administrator - Enabled) => C:\Users\Staples

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM\...\Steam App 30) (Version:  - Valve)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Haushaltsbuch 5.0 (HKLM-x32\...\{0E6C1531-9546-4153-9D88-689519385319}) (Version: 5.0 - Euchler Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.3.0 (HKLM-x32\...\{6B824BBF-D53C-4B61-BD66-D84734F145F8}) (Version: 1.3.0 - The Mumble Developers)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\MusicManager) (Version:  - Google, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - Ihr Firmenname)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2A7B3111-CA95-4031-AEBE-F8E78F591055} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {34AE0563-2C0C-441F-B688-908CC3065303} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {34BF107D-76F5-45AD-A9DD-3313F342FAE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG
Task: {37522DE3-CD46-4659-A0FA-9ACA2B27868A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {388D3AC4-01BA-4663-9003-C0F3B7DDCF9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {38F102F6-73BF-4552-A978-F529AEB166D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {3914F8FB-D065-44BA-ADFB-A266017A2A98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {3D1F5DB5-186F-4BDE-87AD-C24E5576C1B2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3D46462C-CD47-4D47-B630-A827F78431E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG
Task: {53BD5C85-07E8-4A3B-975B-CF63B0078021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {55A71768-B655-420A-B641-74DC7784B873} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {57CFA2A7-4180-456B-BF8A-A1CAC6D0FF5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5EC10D66-F719-4668-86C7-4CE76079A0C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {600A2786-3EDA-4639-B8CF-19A96B5D463D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {6F9C441D-CCCA-4CE0-8F2C-E9C5111740C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {76B30A95-2680-42E6-BC07-2AF24B1A6DF5} - \HDvid Codec V1-enabler -> Keine Datei <==== ACHTUNG
Task: {7998CF8D-D393-41ED-8499-9424214EAD15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8AF38B8A-F573-4FD1-97FA-34C76E69408F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {94D7DAC8-D08B-4E54-AA90-4E816D264D74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A0E8D8A4-582C-4A2F-90CC-FF163157F9ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {AA6B7129-EF76-4BCC-A791-2011AD059DF1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC9AFF9F-874B-4DC6-9A2E-37AE14FDBEC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B28A4DF6-2185-42D2-B0A7-E0B90985A4F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B430142D-9787-4A1B-A30D-853E4F5EA53C} - \HDvid Codec V1-codedownloader -> Keine Datei <==== ACHTUNG
Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C2F99E66-9961-453E-AE82-927BB96932A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {CA3E81D8-FC27-43E9-B52B-E784F76687EE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CF2FA2FF-1A46-4DE6-A460-C662304D48B7} - System32\Tasks\{428DD254-78FD-48CF-AFB3-2C3E7F513096} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000"
Task: {D98728C8-1886-465A-8839-A6CA5519CD38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DB99FD54-021F-4A44-BD01-3FEB47A1DD02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DBBE0970-979F-4DAD-BEBD-1871B5B13953} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E450177C-00C7-42B1-B73D-9D3E38CA19D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EBB5871C-28D0-44B3-81EE-11DC19349E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {ECBB05AA-0B80-470E-9367-AE7504FB3970} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated)
Task: {F107F1CF-52E4-4871-959E-200C438020FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FD9D15E4-1BE1-4205-A2A6-8D415DA064B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-02 02:52 - 2015-08-02 02:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-02 02:52 - 2015-08-02 02:52 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2010-04-06 14:53 - 2010-04-06 14:53 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00959176 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 22:14 - 2015-08-03 03:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-11 22:14 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-11 22:14 - 2015-08-03 03:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 22:14 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00679624 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Staples\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Documents\desktop.ini:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-07-29 09:43 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^Staples^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Battle.net.lnk => C:\Windows\pss\Battle.net.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CA2Q7BT060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{DAB9098E-BCC6-43EA-914C-180FB28B1190}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{251DD3FB-685E-4277-A791-97947ED3BBDC}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [{463D4E6D-28F7-4D94-A1EF-2AE3B45CC574}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{AE158F70-72C1-46F9-BA84-33C2EA6B3B3A}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{1DF298B3-BCA9-4322-BF0D-7E7A8D0411B3}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [{6BE7CCFD-90A5-47A6-98C0-D94F8828BEFE}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{43046A62-F0A0-4B78-BC6D-73F1B01E7651}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{87291E13-B742-4A4A-AED6-D08F55710435}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{BFE6636C-05E2-496D-83EB-354A37E72F72}] => (Allow) E:\FSetup.exe
FirewallRules: [{2F6F6651-43F1-45FE-8A9C-14AE9E829319}] => (Allow) E:\FSetup.exe
FirewallRules: [UDP Query User{E0D19048-7F9B-4F6A-91B7-1590A722B9B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78FCE144-CD62-460B-AA88-D6AC01C7055B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5A874BB2-6927-4F44-AE2F-4E3EA3A92D8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F3921869-22F6-48EA-8FA0-2065F05EEE26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C309552C-6031-4C74-8CFE-268AFE41FC91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F516593-A61A-4EBB-8DC7-9D4BD3A6339A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CAD7E71-0BD5-4A7C-9DBB-A1066D3C6A25}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6DC5F174-9CCB-4632-AF90-D738CD1E5594}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{076E4404-43AE-4B3E-91B4-D17DA167A4E9}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{79128DD4-E18B-4A1D-A061-2F0ACB0A4CBE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A5C16E36-0195-4CE1-AB02-693C5900B83E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAE76957-0503-40B0-B2F3-8B0C9CBCBD4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33236DBE-44A0-48ED-91AF-01B34211077E}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D07EA77B-DED6-4010-99C5-BFA6E53C158F}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCC5A689-B1ED-412A-B131-C003122C2F5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D90623C6-113B-469F-B20E-6667CFCCBBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF2A2CE-FC1A-4BA6-B8D6-CA8ED53E2855}] => (Allow) LPort=1900
FirewallRules: [{BDA74D07-EE95-44EB-BCA8-DAE09A7C4185}] => (Allow) LPort=7900
FirewallRules: [{3FF958D2-792D-4E41-945D-DFF5316E9344}] => (Allow) LPort=24234
FirewallRules: [{52C311B7-95FA-42CF-A667-B353CFF3CE01}] => (Allow) LPort=7679
FirewallRules: [{1564CB85-C992-4B74-B414-6CB4ED63B1FF}] => (Allow) LPort=7676
FirewallRules: [{05B80B2B-64CA-4120-AED3-FDC1C63268F8}] => (Allow) LPort=8643
FirewallRules: [{94C5872C-096D-45FE-A386-A704F37CCD41}] => (Allow) LPort=8743
FirewallRules: [{85D1FCA6-5AAE-40ED-BC8A-661A80BB825C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CDCC238-9293-4960-A01E-ADBC24DE2426}] => (Allow) LPort=5357
FirewallRules: [{E6C70617-CBAC-4EAE-8821-ED72246690C8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{7A11A418-B75D-4C52-96DA-9CA4B8DD999A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{E81E2219-DCB7-40E3-9C0B-65EE6AB363AF}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{4B2CDB83-6F00-4483-9EC4-5DDEA19FA0AB}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{820B410A-B60B-46BC-B15D-A930CEC2752A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{1A50E5AF-C87D-4180-9BDD-1356CD48961F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{262DE6E1-3D09-4960-B0BD-452E77ED4E4B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1886E3CF-BBAA-45BA-BDBF-DF68C5649FDA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{622BAA4C-8B46-4565-B206-E2786189BFCA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6389EC2A-ABC7-46A4-B4B6-79C2FEC0B024}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{16313845-2B0C-4CF9-A3A4-19C03180546F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DD06D80F-7ACB-4661-8F85-699B83430D5A}] => (Allow) LPort=1900
FirewallRules: [{D6471186-80C3-43C1-84E3-742026E8539C}] => (Allow) LPort=2869
FirewallRules: [{70392273-5556-4955-B447-E97E32091F68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{84DDAC82-808E-4E2D-9789-A52F53C0D4DC}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [TCP Query User{50C46697-1E82-4C15-9E29-B1A32888100E}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [UDP Query User{E5048485-2062-4C31-AC52-00DCEC838ACB}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [TCP Query User{23A89A76-ED93-43B5-8B46-17A9B4C72C2F}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [{974C9DC9-9006-4816-8119-CA81896AAA61}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{17EB269A-3379-47DF-B6B9-9499EA3D64DD}] => (Allow) svchost.exe
FirewallRules: [{AC3A1281-9F11-429D-ADFD-D6D233994896}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{485D1D0E-997B-4638-B1CF-57A62F63A6FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04E04B5C-DE15-460A-914A-A5B081BD09C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9BE9D350-3FA7-420B-AAD5-56F5F27AB135}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DEF5B45F-AF3C-4AB4-891C-F2C91B263928}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{05C1E0E9-3DEA-440C-BD56-17C383E892B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E52537E4-F94C-4C42-B831-1F656622A8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7BF7CD7-6A47-4FC6-AFFF-7A8DB6844C2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A860695-8579-416A-A287-40C07810B5BE}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [UDP Query User{6B00BD4E-D83B-4199-BF07-A93E703B642B}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [TCP Query User{6081101E-1662-45E3-97DC-A46F1856706C}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [UDP Query User{92F466A6-9A25-459E-82D3-C6D2B2AC43C1}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [TCP Query User{839A40D7-5698-45A5-AEC4-E880FC49092E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{BB8B1D12-AAE0-4DE7-98E5-ED54A144FDB6}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{5A85E686-28AD-40A9-AD95-0AB1053FAB9C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{9056D4F4-F01C-40EA-B5C0-325981AD555C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{075F0F34-0735-46B8-8665-55A38DCBB6F4}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [UDP Query User{C75B5420-C5D6-4C49-A150-E68C2BB76418}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [TCP Query User{31F80D6F-AEF1-4457-819E-786C7090118D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{C0F385F3-870D-4B35-AAB2-F5D43D48C33C}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{EE979479-45C4-459C-887E-C2E698DF3D85}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E04E306A-36DD-459B-ABEC-3D2B65388F3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D5BBB418-E1FF-4F0D-808F-03F8C93F1389}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4781C4DA-2B16-4012-875F-A5E91EA891F3}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{F4E51C64-B712-4C49-8607-2D1F80E314F6}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [UDP Query User{1E67D163-DC92-4131-9178-206AA862968B}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [TCP Query User{91008239-45AF-45C7-876E-C2CC8F1AECD9}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe
FirewallRules: [UDP Query User{08768379-FEF5-42D1-BB62-FDB41C2153A0}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Stefan Hellma (Galaxy 
Description: GT-I9505
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung Electronics Co., Ltd.
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/23/2016 09:23:32 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:32 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:23:22 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:22 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:23:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:11 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:23:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:22:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:22:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.


Systemfehler:
=============
Error: (04/23/2016 09:58:20 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (04/23/2016 09:58:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/23/2016 09:21:17 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (04/23/2016 09:05:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/23/2016 07:11:03 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x100000004ba46. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/23/2016 07:07:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (04/23/2016 07:07:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (04/23/2016 07:04:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/23/2016 07:04:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (04/23/2016 07:04:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


CodeIntegrity:
===================================
  Date: 2016-03-17 00:34:13.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-14 08:44:09.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 22:12:58.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-06 16:59:53.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 23:08:44.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-28 21:20:12.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-26 16:56:32.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 20:21:56.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 09:00:54.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 09:00:54.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 3954.67 MB
Verfügbarer physikalischer RAM: 2064.35 MB
Summe virtueller Speicher: 7922.67 MB
Verfügbarer virtueller Speicher: 5840.73 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:41.92 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:145.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Staples (Administrator) auf STAPLES-TOSH (23-04-2016 22:03:27)
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples (Verfügbare Profile: Staples & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk [2016-02-29]
ShortcutTarget: Warkeys Update.lnk -> C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk /m /f \Device\HarddiskVolume2autocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{214a7604-97a2-44e4-9116-57a232caae45}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e151f280-f994-498c-b104-4491eea55f73}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857
FF DefaultSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-31] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\searchplugins\bildde.xml [2015-12-13]
FF Extension: Adblock Plus - C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]

Chrome: 
=======
CHR Profile: C:\Users\Staples\AppData\Local\Google\Chrome\User Data\default

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-08-02] (Broadcom Corporation.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-02] (Toshiba Corporation)
U5 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
U5 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
U5 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
U5 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-23 22:03 - 2016-04-23 22:04 - 00020981 _____ C:\Users\Staples\Desktop\FRST.txt
2016-04-23 22:03 - 2016-04-23 22:03 - 00000000 ____D C:\FRST
2016-04-23 22:02 - 2016-04-23 22:03 - 02375680 _____ (Farbar) C:\Users\Staples\Desktop\FRST64.exe
2016-04-23 21:58 - 2016-04-23 21:58 - 00016148 _____ C:\WINDOWS\system32\STAPLES-TOSH_Staples_HistoryPrediction.bin
2016-04-20 12:03 - 2016-04-20 12:03 - 00000000 _____ C:\WINDOWS\SysWOW64\shoE1C4.tmp
2016-04-19 00:09 - 2016-04-19 00:09 - 00000000 ____D C:\Users\Staples\Documents\Diablo II
2016-04-19 00:07 - 2016-04-19 00:09 - 00000717 _____ C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2016-04-19 00:07 - 2016-04-19 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-04-18 23:25 - 2016-04-18 23:25 - 02771704 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_deDE.exe
2016-04-18 23:12 - 2016-04-18 23:13 - 02689174 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
2016-04-15 20:41 - 2016-04-15 20:41 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat
2016-04-12 21:11 - 2016-04-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 21:43 - 2016-04-08 21:43 - 00016622 _____ C:\Users\Staples\Desktop\Sobri.odt
2016-04-03 07:37 - 2016-04-03 07:37 - 00275040 _____ C:\WINDOWS\Minidump\040316-38109-01.dmp
2016-03-28 21:07 - 2016-03-28 21:07 - 00000218 _____ C:\Users\Staples\Desktop\Day of Defeat.url
2016-03-28 20:14 - 2016-03-28 20:14 - 00000000 ____D C:\Users\Staples\AppData\Local\Steam

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-23 22:01 - 2014-01-18 21:26 - 00000000 ____D C:\Users\Staples\AppData\Local\Battle.net
2016-04-23 21:39 - 2014-08-04 23:59 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job
2016-04-23 21:32 - 2016-01-10 22:13 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-23 20:39 - 2014-08-04 23:59 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job
2016-04-23 19:32 - 2016-01-10 22:13 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-23 19:20 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-23 19:18 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-23 19:03 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-23 16:28 - 2015-10-30 21:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-23 16:12 - 2015-12-12 21:58 - 00000000 ____D C:\WINDOWS\Panther
2016-04-23 16:06 - 2014-01-18 21:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-23 15:52 - 2014-07-22 18:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-23 15:44 - 2014-08-15 21:33 - 00049536 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\agremove.exe
2016-04-23 15:42 - 2015-08-02 01:59 - 00017920 _____ C:\WINDOWS\system32\rpcnetp.exe
2016-04-23 10:42 - 2014-12-08 22:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-04-23 09:31 - 2010-10-31 01:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5EF183-990B-42DC-8793-FA5A454ADFA0}
2016-04-23 06:24 - 2015-08-02 02:11 - 00000000 ____D C:\Users\Staples
2016-04-22 21:51 - 2015-08-02 03:25 - 00002400 _____ C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-22 21:51 - 2015-08-02 03:25 - 00000000 ___RD C:\Users\Staples\OneDrive
2016-04-22 21:04 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-22 20:04 - 2015-08-02 02:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-22 15:46 - 2015-09-03 20:13 - 00001218 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-22 15:46 - 2015-08-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-20 12:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-19 00:14 - 2011-09-22 17:56 - 00000618 _____ C:\BnetLog.txt
2016-04-19 00:09 - 2010-10-29 17:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-04-17 22:22 - 2014-01-18 21:17 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Mumble
2016-04-16 22:27 - 2010-11-01 16:50 - 00000000 ____D C:\Users\Staples\AppData\Roaming\TS3Client
2016-04-15 20:39 - 2013-12-27 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 23:02 - 2013-08-15 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 22:56 - 2010-10-31 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 17:51 - 2015-08-02 02:09 - 00007412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-11 17:51 - 2015-07-10 18:34 - 01165958 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-11 17:51 - 2015-07-10 18:34 - 00279796 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-08 21:43 - 2014-07-05 10:58 - 00000000 ____D C:\Users\Staples\Desktop\JTP
2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 07:37 - 2015-08-02 17:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-31 22:57 - 2012-12-25 11:58 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-31 20:28 - 2012-12-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:47 - 2014-12-27 00:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-03-28 21:07 - 2014-07-22 19:35 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-25 22:17 - 2016-03-21 00:26 - 00000000 ____D C:\Users\Staples\Desktop\Tomb Raider II

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-10-31 19:55 - 2010-10-31 19:55 - 0000095 _____ () C:\Users\Staples\AppData\Local\fusioncache.dat
2014-08-01 23:59 - 2014-08-01 23:59 - 0016958 _____ () C:\Users\Staples\AppData\Local\gem.ico
2014-08-01 23:59 - 2014-08-01 23:59 - 0127112 _____ () C:\Users\Staples\AppData\Local\mybet.ico
2014-03-29 01:34 - 2014-11-18 20:59 - 0007607 _____ () C:\Users\Staples\AppData\Local\Resmon.ResmonCfg
2014-06-17 15:35 - 2014-06-17 15:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-02 12:45 - 2010-11-02 12:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-07 00:47 - 2015-12-07 00:47 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
C:\Users\Staples\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-18 23:41

==================== Ende von FRST.txt ============================
         
__________________

Geändert von StefanHe (23.04.2016 um 21:20 Uhr)

Alt 23.04.2016, 21:17   #4
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Code:
ATTFilter
22:15:24.0248 0x145c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:15:26.0529 0x145c  ============================================================
22:15:26.0529 0x145c  Current date / time: 2016/04/23 22:15:26.0529
22:15:26.0529 0x145c  SystemInfo:
22:15:26.0529 0x145c  
22:15:26.0529 0x145c  OS Version: 10.0.10240 ServicePack: 0.0
22:15:26.0529 0x145c  Product type: Workstation
22:15:26.0529 0x145c  ComputerName: STAPLES-TOSH
22:15:26.0529 0x145c  UserName: Staples
22:15:26.0529 0x145c  Windows directory: C:\WINDOWS
22:15:26.0529 0x145c  System windows directory: C:\WINDOWS
22:15:26.0529 0x145c  Running under WOW64
22:15:26.0529 0x145c  Processor architecture: Intel x64
22:15:26.0529 0x145c  Number of processors: 4
22:15:26.0529 0x145c  Page size: 0x1000
22:15:26.0529 0x145c  Boot type: Normal boot
22:15:26.0529 0x145c  ============================================================
22:15:26.0576 0x145c  KLMD registered as C:\WINDOWS\system32\drivers\41952443.sys
22:15:26.0857 0x145c  System UUID: {88AB3D5C-8AA2-5A06-C7E5-DEA68E409D3C}
22:15:27.0389 0x145c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:27.0389 0x145c  ============================================================
22:15:27.0389 0x145c  \Device\Harddisk0\DR0:
22:15:27.0389 0x145c  MBR partitions:
22:15:27.0389 0x145c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
22:15:27.0389 0x145c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
22:15:27.0389 0x145c  ============================================================
22:15:27.0420 0x145c  C: <-> \Device\Harddisk0\DR0\Partition1
22:15:27.0467 0x145c  D: <-> \Device\Harddisk0\DR0\Partition2
22:15:27.0467 0x145c  ============================================================
22:15:27.0467 0x145c  Initialize success
22:15:27.0467 0x145c  ============================================================
22:15:32.0795 0x1b6c  ============================================================
22:15:32.0795 0x1b6c  Scan started
22:15:32.0795 0x1b6c  Mode: Manual; SigCheck; TDLFS; 
22:15:32.0795 0x1b6c  ============================================================
22:15:32.0795 0x1b6c  KSN ping started
22:15:35.0092 0x1b6c  KSN ping finished: true
22:15:35.0779 0x1b6c  ================ Scan system memory ========================
22:15:35.0779 0x1b6c  System memory - ok
22:15:35.0795 0x1b6c  ================ Scan services =============================
22:15:36.0014 0x1b6c  [ 22CE801AD25C51E2553F41A076BB0CB2, 0520216417F1619FB642734EC937C59D5E79A24306C1E9B793C82FAE077851E6 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
22:15:36.0061 0x1b6c  1394ohci - ok
22:15:36.0092 0x1b6c  [ 2C49A2441EBB24C6ACFB524C1459115F, 0ABACB6F21C41C0297994E61F1BFABB3905AF6B569D0446FE8E174EB9225B8EF ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
22:15:36.0108 0x1b6c  3ware - ok
22:15:36.0170 0x1b6c  [ B87D3D07FE6F15328C6860D542F0E2BD, 46CF069EDD7DBFB4DB800BABA3081DAB363DD2CFD724AFF5916D3419F62A3574 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
22:15:36.0201 0x1b6c  ACPI - ok
22:15:36.0233 0x1b6c  [ 1E3C4EDBB7F3F668B7205E351010BB79, A3CA12F72836C4F77B671264828B370B9EBA9CD71110E2C0514994760B6B12FF ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
22:15:36.0248 0x1b6c  acpiex - ok
22:15:36.0264 0x1b6c  [ 13B1C26AEDCB40082CDD97506F968129, 883442206B4C60AA493E84CC3037B6C1568441E1F43D2B1FCBFD8D87D135D511 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
22:15:36.0279 0x1b6c  acpipagr - ok
22:15:36.0311 0x1b6c  [ B3D64FF927D611721DA73A61BF3A18B3, 96B51AFDC3078B5088AAF66F0CF3E07D2FCBBC84A19D309A25DF0A5C6CECB958 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
22:15:36.0326 0x1b6c  AcpiPmi - ok
22:15:36.0358 0x1b6c  [ 19F793B2203D94AC1F8AEDB08B494E2E, DC98CCF9935E1F1C32FA88575A9A678B74916EFF48E39A64CF1FF92232F64A52 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
22:15:36.0373 0x1b6c  acpitime - ok
22:15:36.0467 0x1b6c  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:15:36.0467 0x1b6c  AdobeARMservice - ok
22:15:36.0639 0x1b6c  [ A9D55370A0CBADD1E1E2B4796ACD26DF, 9FD0C2B1206321B34D97FF3D01C5C811022DA76DA667DB6ECCF2746437A706A2 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:15:36.0654 0x1b6c  AdobeFlashPlayerUpdateSvc - ok
22:15:36.0764 0x1b6c  [ 2A24E10C1A1DE0E0035E353EED494A1C, CBBFA86578BE74CAADDCA923D65E3BFFC57BC17B887936ADE5C6952530546A22 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:15:36.0795 0x1b6c  ADP80XX - ok
22:15:36.0858 0x1b6c  [ 6C12C7E01A4F64E0AA9C88AF66955CC9, 81A413702909341F8694823EC83FBA0089523D7EC927B80E55E0779BB83AD263 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
22:15:36.0873 0x1b6c  AFD - ok
22:15:36.0920 0x1b6c  [ EF09D07626820F7F89519514C17FE768, C3EC1DC163CD5946270ED876CD414889BBF2C586A8AF5DC7825FA5D77001E827 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
22:15:36.0936 0x1b6c  agp440 - ok
22:15:36.0967 0x1b6c  [ 8A289EF0721F95267BF2404BABEE146D, E263D258F03DF3BB405D49AE7230C37E7EB8F392FDEE48059C7C1E3709520D35 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:15:36.0998 0x1b6c  ahcache - ok
22:15:37.0030 0x1b6c  [ C301499987AF909258774AE9DC5778BB, 3ED539C999847116AE9DB9C8C5A34AB09703BAE3018E1EAF6DBC779BB6736F32 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
22:15:37.0045 0x1b6c  AJRouter - ok
22:15:37.0092 0x1b6c  [ DD69535D379F9E40AD0D6002887AAA99, 579DD18CE2B264B4058C6069B8AEE6FD9FE6A882B7DA19E300DFE40B37A4E5BE ] ALG             C:\WINDOWS\System32\alg.exe
22:15:37.0108 0x1b6c  ALG - ok
22:15:37.0155 0x1b6c  [ BBADD85854BFB5D43C60B7AC8EEA3DBA, 968C043ABEA46F5C79525863B3FE2681AC0FA4202036C9EFD20B408DECF407E2 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
22:15:37.0186 0x1b6c  AMD External Events Utility - ok
22:15:37.0201 0x1b6c  [ 6763084E8322A4876D1613854640F914, 89EEEB47517A9964FA799821E5E45BDD6009EBDC628D6DADE6A7F03DE7CDA6CD ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
22:15:37.0217 0x1b6c  AmdK8 - ok
22:15:37.0248 0x1b6c  amdkmdag - ok
22:15:37.0295 0x1b6c  [ 17BA5C907E14947574CBB788F4CEB85F, EAA3DBF436637C58666A91905E388287FC54334EBB2589A00727EB09AC4870E3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
22:15:37.0326 0x1b6c  amdkmdap - ok
22:15:37.0358 0x1b6c  [ DE29D8AB57AD67D4940CAB4A48B3E230, 4E92AFCD9107573DAB8E65AC6318E4B8851DCCBE17E135DFF8CF5733210B52E6 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
22:15:37.0373 0x1b6c  AmdPPM - ok
22:15:37.0405 0x1b6c  [ 4C1F9BBAF5CCD76D4642F3B92B97B454, 514CCAA8B586B1019658BE101046386EB727AD48D7913AEF9A168763E91F0DE5 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
22:15:37.0420 0x1b6c  amdsata - ok
22:15:37.0451 0x1b6c  [ F8195C1A15955180DD663E7FF4C2F6DD, F3C0C6B38FB9478217EE25EBDBDF7A18F01B97655BC38373E70E71171705D5E9 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
22:15:37.0467 0x1b6c  amdsbs - ok
22:15:37.0483 0x1b6c  [ DD2F5BBCFAC4D8E48DB1A95A7EEBFF08, 619E3106072C6F785144D785C4AFB4C607CAF7ED29AAA4A1411BE262E62B7ADE ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
22:15:37.0498 0x1b6c  amdxata - ok
22:15:37.0670 0x1b6c  [ 37CD9EB03B36D8329F96BA921470DB54, 0CD3BFBA51F84D83E3B208D2BED7CE8E91B447B2037014663EC7CB8E5A925201 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
22:15:37.0717 0x1b6c  AntiVirMailService - ok
22:15:37.0780 0x1b6c  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
22:15:37.0795 0x1b6c  AntiVirSchedulerService - ok
22:15:37.0858 0x1b6c  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
22:15:37.0873 0x1b6c  AntiVirService - ok
22:15:37.0951 0x1b6c  [ 1F5CC3C23E10290A3FF9CAA74AA30D07, A4F1F3465A5E0A914EE5A4FEF4A6B639956BA04B7145EF68820BC2A15DEE4162 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
22:15:37.0998 0x1b6c  AntiVirWebService - ok
22:15:38.0061 0x1b6c  [ E4AFE476D9F758514A8A571DF6A24372, A37055A2CDB577CC8B76D4B020924A6C68D94166C1C9A64F7C0E9E16692709FC ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
22:15:38.0076 0x1b6c  AppHostSvc - ok
22:15:38.0108 0x1b6c  [ 46AAF119090573A80D603745582229ED, 8D7C4AED66DD32A104965DC23D17C0815CD1BE2E3D52375C1A63863664EE174F ] AppID           C:\WINDOWS\system32\drivers\appid.sys
22:15:38.0123 0x1b6c  AppID - ok
22:15:38.0155 0x1b6c  [ 24315B385F515D6D5476757EAFD62633, CE645397BF43CC54B864A0E4FCB86F76C10B9C2D2482E85DBBE15EF7BF045F17 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
22:15:38.0186 0x1b6c  AppIDSvc - ok
22:15:38.0201 0x1b6c  [ 2CE396457D5C18F034D243EC7E159010, DDF588A568DF5EAE058DF315535BD746760363E2242EF8C705F8DCBA2D5DA4A7 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
22:15:38.0217 0x1b6c  Appinfo - ok
22:15:38.0248 0x1b6c  [ A8AC0B8ED134888731D1A1BCEF930FA1, 917D2C99CB28C5F20BA386148B6A93541AEF900A9A99D310D732B501322945E5 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
22:15:38.0280 0x1b6c  AppReadiness - ok
22:15:38.0373 0x1b6c  [ 685EBF5E358AC2CA03AB404AE084F5B1, 7398D524207ECD35ADF891DD83BC57C111CC74EA3AAB6D11F9A3B195C400A70B ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
22:15:38.0467 0x1b6c  AppXSvc - ok
22:15:38.0498 0x1b6c  [ 0756EECAC010BE449D07502DF27E7701, 6A895CA80050D021DB5E130102F626027339A22673B7C15C51A375C0401F03D2 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
22:15:38.0514 0x1b6c  arcsas - ok
22:15:38.0608 0x1b6c  [ BD63768F58666341BE007DAA21B3A063, 1D6112E97042E19E4D916AA22F8AEB7FCC2F36CA45F55049D77042DAF3B8847C ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:15:38.0623 0x1b6c  aspnet_state - ok
22:15:38.0670 0x1b6c  [ A5792F971EFE86B7F56EE7299ED1082B, 82DCD15E2C9D8A3EA663941C9CE73020FEEF2F91354D0BB51E8A142AA1E30217 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
22:15:38.0686 0x1b6c  AsyncMac - ok
22:15:38.0701 0x1b6c  [ 8921DF6060DB5C7700AA48CB12E9EA08, 8F18841B454CDE4926C50B23F818D00ECE0AE884DB198E396445CB44CB39B2C4 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
22:15:38.0701 0x1b6c  atapi - ok
22:15:38.0748 0x1b6c  [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
22:15:38.0764 0x1b6c  AtiHDAudioService - ok
22:15:38.0811 0x1b6c  [ 240FF83DD79546B26F187FAB20F83864, C4DC0159016B4A4630357131E614814C068D07BEA94AAF6393E882A78C9FCA1E ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
22:15:38.0842 0x1b6c  AudioEndpointBuilder - ok
22:15:38.0905 0x1b6c  [ 5D6D5DA39A402AE7B05047781699ABDE, E3E4A7BA6E92190F9D9D6AD9AE084E293D2E271089CA78503AD72D7F39492459 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
22:15:38.0967 0x1b6c  Audiosrv - ok
22:15:38.0998 0x1b6c  [ 5CF5E80616F74B769AABCF76FEA791D1, CA56643D41DB4E139FE85098DCD67187AAC126CE2414276364A97334E15F9F53 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:15:38.0998 0x1b6c  avgntflt - ok
22:15:39.0030 0x1b6c  [ 8AC3D6C2E2B0B22E918817A96DA4875E, AE6FB86A09373918DD7FA7E19DA9B2915AAAE6DDF5939245F44B5512E3710E1B ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:15:39.0045 0x1b6c  avipbb - ok
22:15:39.0123 0x1b6c  [ 8B86696A7030DDBD85B64621BD5B9C44, 9C22C8C5AC39A7138A669A6C4CA9753A6D2F21CFDFB8A1F1A34CB0AFC9DA9F0D ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
22:15:39.0139 0x1b6c  Avira.ServiceHost - ok
22:15:39.0170 0x1b6c  [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:15:39.0186 0x1b6c  avkmgr - ok
22:15:39.0233 0x1b6c  [ 02488D56FE0DB002CE3B1E120A0ED889, 487067731C2CA1BA8A1CF1C403C2342C153E6BE0CE9B003D914D9647059EFDBD ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
22:15:39.0233 0x1b6c  avnetflt - ok
22:15:39.0264 0x1b6c  [ 2F7F80543129210CA75995D0DCA488E8, 353E598FF26FA363C02A2B44BA8D7D1ED97B8AC8C69F1B5C5D521BD0D5D5AB94 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
22:15:39.0295 0x1b6c  AxInstSV - ok
22:15:39.0342 0x1b6c  [ 00D64E82900E4EC9062805ED87C2D75A, 577110F9A7C6C2C4CF86FFF4F60E23F61623ED325FC950033900A5102754A677 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
22:15:39.0358 0x1b6c  b06bdrv - ok
22:15:39.0389 0x1b6c  [ 5164A66EC1565711A7B4CF2F143B4979, DA29F0FB63F3EB2BF92D51FEB4BB7D2B964553D2F634556325953927464CB3A5 ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
22:15:39.0420 0x1b6c  BasicDisplay - ok
22:15:39.0436 0x1b6c  [ F4C58BBF2972BD84C73F6A14CA35AC4E, B7A226EB861B63ACF4BF9B5A331ACA6FFC9B787DCCAA7697EEFC4F634508A6D5 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
22:15:39.0451 0x1b6c  BasicRender - ok
22:15:39.0498 0x1b6c  [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums         C:\WINDOWS\system32\drivers\bcbtums.sys
22:15:39.0514 0x1b6c  bcbtums - ok
22:15:39.0780 0x1b6c  [ 0D18E63714387277DDBBAE762F7C4317, D7AD836BE80756E0A99B753B502AFA4CECAD15747052D17D4060D6553F939F6C ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys
22:15:40.0045 0x1b6c  BCM43XX - ok
22:15:40.0217 0x1b6c  [ ACB44407FF63C3A5A22AB5782F209604, 86BE221F07EB49D2149710CCCE4F0C24677560FEFD41F093C6D2BA0C962CF5C3 ] BcmBtRSupport   C:\WINDOWS\system32\BtwRSupportService.exe
22:15:40.0280 0x1b6c  BcmBtRSupport - ok
22:15:40.0311 0x1b6c  [ 25349D0B334E528667980948ED107D89, 70EF9D3B8DCAC6E9720C6F3EBC77392FADC182A6925F9024FE30A21321E0137F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
22:15:40.0326 0x1b6c  bcmfn2 - ok
22:15:40.0358 0x1b6c  [ DF78B56EEE6004DEE8CE57763128075E, 5758CAF4B0182F3F2E2508B3BB58B0271F2689808D09675B2753FE373D1D77D2 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
22:15:40.0389 0x1b6c  BDESVC - ok
22:15:40.0436 0x1b6c  [ 1E8A9267F8886803AAE02982FC1B5BC4, 655DF84E037BD6E582A6BA89737A4388956219171AF7253D126E54A23F16BE59 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:15:40.0451 0x1b6c  Beep - ok
22:15:40.0498 0x1b6c  [ 7FAFFFC4C59F5010D6E7CEA152076B92, 945FD6C04E109D4E5A4164BAA9A8120EC85AB809555AAD83E61B9F179F976FD7 ] BFE             C:\WINDOWS\System32\bfe.dll
22:15:40.0514 0x0154  Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService
22:15:40.0545 0x1b6c  BFE - ok
22:15:40.0608 0x1b6c  [ BD60F5633F6BD617D9ECCA3FFDC0D37E, 2F0DECAEB7096CD628387263381E123C883F483BD87F7F2BA6DEFBB5A184BAA3 ] BITS            C:\WINDOWS\System32\qmgr.dll
22:15:40.0702 0x1b6c  BITS - ok
22:15:40.0733 0x1b6c  [ C9FD65687EF89715999C582D3E568812, 42BA59A78A47C510CB2AFDC6C6080B33F9F611F84FEE5262DFF16D7633C50EB1 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
22:15:40.0764 0x1b6c  bowser - ok
22:15:40.0811 0x1b6c  [ EB4F4B88DF20C7B134F33A64EFD56BED, 7C32485FDDEEA23760DF24FC9576FBA11330C5BBA9053869FDAA9AD8A16B1610 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
22:15:40.0858 0x1b6c  BrokerInfrastructure - ok
22:15:40.0889 0x1b6c  [ 2AAD720B32904B97EDD8C3211344F79E, 41B1AEA5FAA48033B2581E18D68EFC986C3D65B383847E250C054CE3133A893C ] Browser         C:\WINDOWS\System32\browser.dll
22:15:40.0920 0x1b6c  Browser - ok
22:15:40.0952 0x1b6c  [ F8DD3B0EAC1EF1D087AE47E5819540AC, 866C951B52E3202AC89552AEA72A45123367199335578F03815E2ED55DA2FDAE ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
22:15:40.0967 0x1b6c  BthAvrcpTg - ok
22:15:41.0108 0x1b6c  [ 74C9D52F3F594529465E18B2BFF80487, F1ECD8B730AD8B90673735FD6D2D9F6F0754F8BAB7135B16A41128145D5F9377 ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:15:41.0139 0x1b6c  BthEnum - ok
22:15:41.0170 0x1b6c  [ 647E2A425AD43637EAA01096A58B7089, 8F76D024FEBCBA1AC54363133DE1E0DD5B9D696E5E688EFEBC3B79F7F1B9C568 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
22:15:41.0202 0x1b6c  BthHFEnum - ok
22:15:41.0248 0x1b6c  [ B95040CAD3434D9EE003065363A0FAFF, D441E0676EA1AE1ABC305732024311CA59715E6763B3D7ADB728DEEFC403E182 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
22:15:41.0264 0x1b6c  bthhfhid - ok
22:15:41.0311 0x1b6c  [ F334BF7B0737CEB3B6822631EAD55A87, 4E5AEB1F8E109BA01A5D1CDE2E3C677FF07F2AFE8B195CB5F82AA28816D2060E ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
22:15:41.0342 0x1b6c  BthHFSrv - ok
22:15:41.0373 0x1b6c  [ 29AEE352AED4FCD2191436D263D75347, 3D21262EA26BF423BFA4A9146E53F8B036B2A1157DBE91A11C5603AF7A670B6F ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
22:15:41.0389 0x1b6c  BTHMODEM - ok
22:15:41.0420 0x1b6c  [ 38C97371F058E889F730BF35530732F4, 7CD16DF9C51D40CF80392E6DF444D6F5546B0E8B6A6DAC6DFD70BB45E014FA27 ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
22:15:41.0436 0x1b6c  BthPan - ok
22:15:41.0483 0x1b6c  [ 91DC04363515659BD7D5752664E0CEB1, F5A865E563969E2AD1FE69AA8FF5FD18489F2BE4C17EB2DA6FC3C1CE6945364B ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
22:15:41.0530 0x1b6c  BTHPORT - ok
22:15:41.0577 0x1b6c  [ 26DD0127A05B333E36316E6EA9A6AAE2, A2DC4483FF5639EE8DD315AB2989865CA6A6992C578FD7F7D31698A015355941 ] bthserv         C:\WINDOWS\system32\bthserv.dll
22:15:41.0608 0x1b6c  bthserv - ok
22:15:41.0702 0x1b6c  [ 5866AE46EEF644E6DE5C95942AE419D7, 0726C0845D2BA4247AB26ACF05006F6FA96015158CD49795801BB906DA80C007 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
22:15:41.0717 0x1b6c  BTHUSB - ok
22:15:41.0748 0x1b6c  [ BC279FCEE9FC8CBF991D5DE539771AA9, 5DE007672BFBFA78C44CC08251F495420402AFF4AD01541AA84AD37BD4A58190 ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
22:15:41.0764 0x1b6c  btwampfl - ok
22:15:41.0780 0x1b6c  [ F34AD5A9F944D91BD285D1C29EEECB2B, 2EDA8C481B7F7F49AC8399485AE7C2D182568EE2E62394DC78C9A821ADAEA5EC ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
22:15:41.0795 0x1b6c  buttonconverter - ok
22:15:41.0811 0x1b6c  [ A10A1E05A943B10ECE5D57D131B7404D, 71BB816B6841001A4305DF1814926B639265E91895CA5D06284B0970E40CE386 ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
22:15:41.0827 0x1b6c  CapImg - ok
22:15:41.0842 0x1b6c  [ F2829DC6D292DCAC5029893BB2E9FEE3, AF2A25722D3BE37BABD1F6668786AAF39E9D6CA18CE8E845E63266E218C64526 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
22:15:41.0858 0x1b6c  cdfs - ok
22:15:41.0905 0x1b6c  [ F3A9E38AE23AD4015764AF89E4AE3519, 57ED6AC834177E128720FEC5B5793F35C7C36474E2D787F182B6730933222CC9 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
22:15:41.0920 0x1b6c  CDPSvc - ok
22:15:41.0952 0x1b6c  [ CA160E02F35A61C6F5C681FB4669C519, E6BC66156EE226F16804C4FDC8A60EB15CE6212EAFB9FB841FAC899979E140E2 ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
22:15:41.0967 0x1b6c  cdrom - ok
22:15:41.0998 0x1b6c  [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
22:15:42.0030 0x1b6c  CertPropSvc - ok
22:15:42.0045 0x1b6c  [ 60D7D304DF75DFF6A46CF633F583B592, 4141D8D1C6FE829C02053DA91AC6B0628BDEB3322CAAD4AD958190F9D173340E ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
22:15:42.0061 0x1b6c  circlass - ok
22:15:42.0077 0x1b6c  [ FF9D4BCE19E5D36CB3A845A3286DA6C3, A0E2C38D629359EEC6F8EEC6F92A3E571AEF018BAF259F395DC497ED4827460B ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
22:15:42.0092 0x1b6c  CLFS - ok
22:15:42.0155 0x1b6c  [ 5C4648673693724C8D4A1A92E1AA06E6, 5D548241715687BFA52E40B867EF73CB45D01B7F9A9B7F00B92BF2B4C97BE1D0 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
22:15:42.0186 0x1b6c  ClipSVC - ok
22:15:42.0233 0x1b6c  [ 8EBA63416EC166EBA6EF6D34A505D8C8, 5EB0236ABEA2277B71D9F009DA71934C618606B20BBEC07B8595195E40C12A2B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
22:15:42.0249 0x1b6c  CmBatt - ok
22:15:42.0295 0x1b6c  [ 3B64DA873CEA5BEC42570BFF1054A014, 3649B25855CB9BE5BA3B3FEE4221575381FB2D488B8B050B5DD0088386AA0F7B ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
22:15:42.0327 0x1b6c  CNG - ok
22:15:42.0358 0x1b6c  [ 5EEA0856000F81B3D709BC81B3AA1EF2, C04E4E31D3FC38102BA410D312F58AF848920EE37004A5C306D79229C9B6079A ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
22:15:42.0373 0x1b6c  cnghwassist - ok
22:15:42.0452 0x1b6c  [ 74CD3BF688E2B408227FE012A2F2D8ED, CC01AC79CEB9DC94FA5675D66F048928C9968B8944E34F5482A73C14B70EE8A8 ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
22:15:42.0467 0x1b6c  CompositeBus - ok
22:15:42.0483 0x1b6c  COMSysApp - ok
22:15:42.0514 0x1b6c  [ D38774D1D383A2CDB9A4F64B7206913B, 6CDDC46D1D431342F00CA537FC327B23B8AA4D513CEEEE61F3E19C77975DF9C8 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
22:15:42.0530 0x1b6c  condrv - ok
22:15:42.0592 0x1b6c  [ 5C2C63BC5CE4A753C16CED512F91A04D, 4ACFA702B4CD7E30525D9595533E6B8EACBFF7F38EE7A05E8AC087BB229AD9D4 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
22:15:42.0623 0x1b6c  CoreMessagingRegistrar - ok
22:15:42.0670 0x1b6c  [ 35DB06AACD8AD5999161DA71FF0E16F0, 22AD27811AAD14666ACEF4115447B0CFAA70D1E73923059FB2A9B4C3CBE500A6 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
22:15:42.0686 0x1b6c  CryptSvc - ok
22:15:42.0827 0x1b6c  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:15:42.0858 0x1b6c  cvhsvc - ok
22:15:42.0889 0x1b6c  [ F038EAF73AAB72A4A89185A5A7B9FD75, 8213A60B3BEAFC1C554C5D049DFE3C6E44CEFE639EDD6A335AC18A9DAEDA2D4B ] dam             C:\WINDOWS\system32\drivers\dam.sys
22:15:42.0905 0x1b6c  dam - ok
22:15:42.0952 0x0154  Object send P2P result: true
22:15:42.0967 0x1b6c  [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:15:43.0014 0x1b6c  DcomLaunch - ok
22:15:43.0045 0x15c4  Object required for P2P: [ 5CF5E80616F74B769AABCF76FEA791D1 ] avgntflt
22:15:43.0061 0x1b6c  [ 0605AB12BF1856DF21AB708F28EA91CF, 3A6A7F8F84044DC1EA490A007E6DBC52203BA237ECF1B845961D9BB95E9BF8C8 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
22:15:43.0077 0x1b6c  DcpSvc - ok
22:15:43.0139 0x1b6c  [ BABB7BB5AD3CECFF466E6080F43CFC58, 1B8FF66557EC4C749156ED6DACC4D61D5DC4E25DD58F6DB3713C356214B80FDA ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
22:15:43.0170 0x1b6c  defragsvc - ok
22:15:43.0217 0x1b6c  [ 63C9464B165D31ACC46B6B089AB36B41, DE38DE4E6331D07630B63224F8014C27368C29791EDB58CC5DAE7CBACD37160A ] DeviceAssociationService C:\WINDOWS\system32\das.dll
22:15:43.0248 0x1b6c  DeviceAssociationService - ok
22:15:43.0295 0x1b6c  [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
22:15:43.0311 0x1b6c  DeviceInstall - ok
22:15:43.0327 0x1b6c  [ CF3895DD260ADE05BC91D8FBE0A82907, D7D8A29E873BE5C3832C9264F0165F6CD50D42ED0E04B0FCF07F054793092334 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
22:15:43.0358 0x1b6c  DevQueryBroker - ok
22:15:43.0405 0x1b6c  [ 25435407D97419627F4B10653433BF2B, 5429B0DB7C5302E9A6AF92C046637183D4147D4A206963ABEA3A611214D6AB04 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
22:15:43.0420 0x1b6c  Dfsc - ok
22:15:43.0452 0x1b6c  [ 85137571AEC8AC757D497B9DD30D544D, 6E15C9FB4010B26A8E5AFD4E85F7362B2616EB8503ACCE28EC31AC1E7D18566F ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
22:15:43.0467 0x1b6c  dg_ssudbus - ok
22:15:43.0530 0x1b6c  [ E59C209F1F633C1AEAF151B2CA46BBAA, 6A4DA927418B56A228CC8D9DFA3351B2B53A9328F5C56C10F0C7B19974B2ED89 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
22:15:43.0561 0x1b6c  Dhcp - ok
22:15:43.0624 0x1b6c  [ 95AA7877FD4161BFBC8493F9279B1901, F6B7DF75D763A89901BD12454BEF92D161B392F721B8568505073929D9F419BD ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
22:15:43.0639 0x1b6c  diagnosticshub.standardcollector.service - ok
22:15:43.0717 0x1b6c  [ F96AADEF864DA2E52C45DE1498B18753, 19FF8EA929D21E4C223E5F9383DCE83E15E6815D5356A343DD6D9EACF29F1560 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
22:15:43.0780 0x1b6c  DiagTrack - ok
22:15:43.0811 0x1b6c  [ FDCD449AE9E75D7690593D16ADAF4DB4, 3366C4BDB031EB525F85850E903C46802A2AC762C0772C6F6E543DDA4AF1E9D5 ] disk            C:\WINDOWS\system32\drivers\disk.sys
22:15:43.0827 0x1b6c  disk - ok
22:15:43.0873 0x1b6c  [ 8E481EDF066552D551613EC9FE7D179F, 96E955CA82B4CDEC00ED08003FDC8DD61E685F421912EDBF7B0DA740048416F9 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
22:15:43.0889 0x1b6c  DmEnrollmentSvc - ok
22:15:43.0936 0x1b6c  [ F10A8F6D036CEDD14A5471782C52F041, E0DA3C4F76DBBEAED549375E57819F8825B33A118F7674D417D294054863F648 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
22:15:43.0952 0x1b6c  dmvsc - ok
22:15:43.0999 0x1b6c  [ 7228733177F673B4D51BD1AA082D47C1, DBE155CDCFAA7C32407A207F637F252FA0CE30F1DE7E7DBEC42DB37FADB5BFA7 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
22:15:44.0014 0x1b6c  dmwappushservice - ok
22:15:44.0061 0x1b6c  [ 592E41B3C11CA12203D3708AD8FC3D37, 6C69D5D603FBF038C069EDDCE29F7C6A60CAAE58B985AB218E1497F2BA934D42 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:15:44.0092 0x1b6c  Dnscache - ok
22:15:44.0124 0x1b6c  [ 6184C7A2F12625C108AEFD3A43429967, 689153F319BB1013FF60F71317E8380A6945EEE8141EDBDD6B185A966E23BB93 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:15:44.0155 0x1b6c  dot3svc - ok
22:15:44.0186 0x1b6c  [ A616D8297C1BEA690BBC796736A7A78D, 9365470F4609606410AD79D98E1E77D815DC7C5AA924FB639FCF713EE8EDEA76 ] DPS             C:\WINDOWS\system32\dps.dll
22:15:44.0217 0x1b6c  DPS - ok
22:15:44.0342 0x1b6c  [ 45771610FF181434073B5A0A00F20F8D, 6A17DB09AA6D021F000F7315317235E1FCF41FD58EA7DF81A7C9F5A6DE999984 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:15:44.0342 0x1b6c  drmkaud - ok
22:15:44.0389 0x1b6c  [ 00D9A948FB7344C62CEBED88E50EE39A, EF33FE7FB34DE571F3956C1F7AC8EFAA25BFD9F3AFA3ECD25DD34C5890873245 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
22:15:44.0420 0x1b6c  DsmSvc - ok
22:15:44.0452 0x1b6c  [ F2328181D289CE83E9979733EAB6742A, 73B1CDA6ED8C42B36126909F1335B72126A5DDC6FC7CE8BA2CA274A2B92E82FD ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
22:15:44.0483 0x1b6c  DsSvc - ok
22:15:44.0577 0x1b6c  [ 310334DAF2C455744703E2D582942DF3, C25C42B4C5BA3456DCB2C24546D7E38A9F5321992B81138A8BDCE021C4BE6D13 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
22:15:44.0655 0x1b6c  DXGKrnl - ok
22:15:44.0686 0x1b6c  [ 6E36BDBB46DF7F865D0DD30663AE3891, 98967B01EA450AD4D5FE8085F710359C022D783B839A51BD4A266718156B01EB ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
22:15:44.0702 0x1b6c  Eaphost - ok
22:15:44.0858 0x1b6c  [ 3070013B01EDA42C7EB67D731340C396, C083CA05650750876E70CB6AB51D5C047C06098C2ED86B083A74C97830247BFC ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
22:15:44.0952 0x1b6c  ebdrv - ok
22:15:45.0014 0x1b6c  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] EFS             C:\WINDOWS\System32\lsass.exe
22:15:45.0030 0x1b6c  EFS - ok
22:15:45.0061 0x1b6c  [ 59EE187E333EE9914DD9BEA5F4E0D85D, E34BB8075E38FC6AEC056323C6E3B5B4E7041EE6F4D51699B706DEEA18BDB911 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
22:15:45.0077 0x1b6c  EhStorClass - ok
22:15:45.0108 0x1b6c  [ 9297F1CC486F24BDFD2874156AC5430F, 1AF8689ADE4E658FC9418F7886B6C19F7D005EAB2AEF9B0E14FC81C61A74CECF ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
22:15:45.0124 0x1b6c  EhStorTcgDrv - ok
22:15:45.0155 0x1b6c  [ 9E8FF6B95FD420FA9E40BE548E5C8D92, 8825B81418335D03CFAADB792C1466023C459BE489ACACBD6686FFB544F22D30 ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
22:15:45.0186 0x1b6c  embeddedmode - ok
22:15:45.0202 0x1b6c  [ DC2F91EAE9A28FA8C6610A9B7701B70D, 480DB509BF944AAC3617594F1245B4603069DE39186BC1FA7EDB8E0536B05E79 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
22:15:45.0249 0x1b6c  EntAppSvc - ok
22:15:45.0264 0x1b6c  [ F7FCCA6300485EF60CEA6D991D6C8C78, 24080D80CF1FD678DF4C9CAE70F65F8D9232F5F6A6F2B73A77B5E3C91E6505F3 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
22:15:45.0280 0x1b6c  ErrDev - ok
22:15:45.0342 0x1b6c  [ 2093F65AA84478E28C8E9D05BC413845, 086D4E0D4B993F4041AA8A9DCBEEDB53BD05B88E2BEFB218837FB10FACDF4233 ] EventSystem     C:\WINDOWS\system32\es.dll
22:15:45.0374 0x1b6c  EventSystem - ok
22:15:45.0436 0x1b6c  [ DCCDC3F35F0618692117DF90800A4284, B636B2A39AE89A9C2CDE17EC52DA669DA8AA9E2B04CA5CA19926DA8009655244 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
22:15:45.0452 0x1b6c  exfat - ok
22:15:45.0467 0x15c4  Object send P2P result: true
22:15:45.0467 0x15c4  Object required for P2P: [ 8B86696A7030DDBD85B64621BD5B9C44 ] Avira.ServiceHost
22:15:45.0483 0x1b6c  [ 435FC0D25ADFD1A2FBA8C98BD4D79E23, F89D02518923D5AAB4A63686F26EE6118584AA9641D2C0B5B1AE4A728D5C06A4 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
22:15:45.0499 0x1b6c  fastfat - ok
22:15:45.0561 0x1b6c  [ 046FC9CF53A91E2FBA498CA7B0C3B028, BCFB06DF53065706DD6287E8C47BF5047F8A1E33981E1881E6ED7510337F5BC8 ] Fax             C:\WINDOWS\system32\fxssvc.exe
22:15:45.0608 0x1b6c  Fax - ok
22:15:45.0639 0x1b6c  [ 4E4B7D935DBF522B2F23D3573596181D, 9D0EC9F65920EE0FFFB2D49C58E4D5151C8CEEB7AA82543D226E4B84EEE4B3F0 ] fcvsc           C:\WINDOWS\System32\drivers\fcvsc.sys
22:15:45.0655 0x1b6c  fcvsc - ok
22:15:45.0702 0x1b6c  [ 583EB1C7690E361213BBD0472155128B, 5F5871490A6DAC4A824F4428941AC86FBFA9AA349B99B5D9544E5D62EB459FA8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
22:15:45.0717 0x1b6c  fdc - ok
22:15:45.0749 0x1b6c  [ 94B1A46EDD335F0C54C7BDAFC43348E6, 58073D58D0BE7389C2A4736AFE108835E5AE9C9950FF630644F585C99B964043 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
22:15:45.0764 0x1b6c  fdPHost - ok
22:15:45.0780 0x1b6c  [ BC855BB7DFE06F27F78E0EB2A8CCB70D, D16C3DAB99C16B077BA5DA5E9E0646B0B9237B00ABAE867D9F81A2D072D583B1 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
22:15:45.0795 0x1b6c  FDResPub - ok
22:15:45.0811 0x1b6c  [ F1125F20D56F28DDCD1A6F3E81EB4F5F, A6620ECCB15FAA70E4A43ADA4CE82CF97D708B6FA07F3FAED276359E7F92FD0F ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
22:15:45.0842 0x1b6c  fhsvc - ok
22:15:45.0858 0x1b6c  [ CDFD81CACE0E11596A3BB61EC4CF6467, 569FA86A215B054131AA9AFEECFEE7FD7143DCFFE275B84196004AEA538B2476 ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
22:15:45.0874 0x1b6c  FileCrypt - ok
22:15:45.0889 0x1b6c  [ 3F02FEDAE894CBF4BAADDF8C8E1D53A8, DA32ABB1CDA867B8456C46F8581FA7F3A8D8B89D9F6E7422F51941D5FFA15B13 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
22:15:45.0905 0x1b6c  FileInfo - ok
22:15:45.0920 0x1b6c  [ 2824933386E30DE5BA089DF539CE19A3, 7B33E514576C68B444AE99CBA1360EBFAE8A46EEE5C01F4EE4CF471A712AB148 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
22:15:45.0936 0x1b6c  Filetrace - ok
22:15:45.0967 0x1b6c  [ 6A598249640F8BEDD79EC73917E1664F, A675238EA19E6632CDEB4EEFF7CF509EAAEF76AD8DFD247664E5607555D9CEE1 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
22:15:45.0983 0x1b6c  flpydisk - ok
22:15:46.0014 0x1b6c  [ 44B6A6832134DF651E887E941478CA35, FCF4EB726D00F5A17DD66C81CFDA49427281C94CF9CA2008397D591AEA61AE05 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:15:46.0045 0x1b6c  FltMgr - ok
22:15:46.0139 0x1b6c  [ C197284A9D565A38497733AF2BDFA111, C6615AF0D366C2DD6D431B073901EED02D49AA3F252230735DBB52A90BCFA833 ] FontCache       C:\WINDOWS\system32\FntCache.dll
22:15:46.0233 0x1b6c  FontCache - ok
22:15:46.0296 0x1b6c  [ 109AACC7FB0170535F71491F673AFD38, 212B6761ABBAC29993DA0A47C3DDE8074EA9E5A8FFA8FF6EAB95AC69D8FDD5A0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:15:46.0311 0x1b6c  FontCache3.0.0.0 - ok
22:15:46.0327 0x1b6c  [ 3F3B9E8CECD5604BC7746EF3A852EB67, 51AF62A9563379266C0C873E82F55427900032DFD7AC3EBDCDF77F8F8DE91A5D ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
22:15:46.0342 0x1b6c  FsDepends - ok
22:15:46.0358 0x1b6c  [ A60583221C7BB7CEC35C63285A297BE1, 3C842FBEAD1FA2BD8D37B2B0E8EDF77F4F50508C56FB25DFA81DE9679090D51D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:15:46.0374 0x1b6c  Fs_Rec - ok
22:15:46.0420 0x1b6c  [ 58013A50225174EEF1410E37795D7908, F8E557CA4110ABB203192DEAF59D91A5FEF2A5EA394637276DAB7F4D2E7BFA39 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
22:15:46.0452 0x1b6c  fvevol - ok
22:15:46.0483 0x1b6c  [ 0DAAE3EFCE00133AB3E383A36C47CDAF, 9145665F4F0575F951803AAFAA1A7DC0FAA35430CAE7D90E902074D60D6F4C62 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
22:15:46.0499 0x1b6c  gagp30kx - ok
22:15:46.0530 0x1b6c  [ F59155B95D01C08F9ED774B626B504A1, EF0FCF35AD9CD5E5D695F0C064244D2B327E7FB10FD7CBB0586253EC75562918 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
22:15:46.0545 0x1b6c  gencounter - ok
22:15:46.0561 0x1b6c  [ AE24452F55C6F1784CBD7489D0CDDB02, 4E13C51CBF30A8662B1180AC74E968CFC428B6EA7931F09357E7D120063D4823 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
22:15:46.0592 0x1b6c  genericusbfn - ok
22:15:46.0624 0x1b6c  [ 96F0D3A583A91B634EE2AC2507356EDC, 43D2575F33D28F61C13D2DCF358BFA9DCEAE276C83152DBE7AE2020A66929CD9 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
22:15:46.0639 0x1b6c  GPIOClx0101 - ok
22:15:46.0733 0x1b6c  [ E50CE978F571B900D9A7E2F1C5BCC070, EA14873A5F1B700D7CDBE55B9D214DC457262866A90D80B3E8325A8EB7932CE7 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
22:15:46.0796 0x1b6c  gpsvc - ok
22:15:46.0827 0x1b6c  [ BA2455D93BD57989A04FE4094AA6F941, B579FB367C063EA30C034381148410D49D38E183A5A4D51D2334A81DAEE95CEC ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
22:15:46.0842 0x1b6c  GpuEnergyDrv - ok
22:15:46.0905 0x1b6c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:15:46.0920 0x1b6c  gupdate - ok
22:15:46.0920 0x1b6c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:15:46.0936 0x1b6c  gupdatem - ok
22:15:46.0967 0x1b6c  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:15:46.0983 0x1b6c  gusvc - ok
22:15:47.0014 0x1b6c  [ C277A49F8A8295840DEBC9240B75A282, 8B2BA0E6A8300323765D95ECD843105B0FC4B80B85EE2220E677C4E9A760C9D8 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
22:15:47.0030 0x1b6c  HDAudBus - ok
22:15:47.0077 0x1b6c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\WINDOWS\System32\drivers\HECIx64.sys
22:15:47.0077 0x1b6c  HECIx64 - ok
22:15:47.0108 0x1b6c  [ D5A57EF4822A0388352FFF9F5CD53495, 509F365386859157E9078821FAA56D2A3C0BA296CA129E0D42453428A14687A5 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
22:15:47.0124 0x1b6c  HidBatt - ok
22:15:47.0155 0x1b6c  [ 39575B53EB80C77FF2A3F1449D00B7F5, 37E66B38BACE00AFEF7093F990A234399D8451A9D2C2C8CBECAB69C664E63EA6 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
22:15:47.0186 0x1b6c  HidBth - ok
22:15:47.0202 0x1b6c  [ 35C3B602664116E737FF729F9A7156AD, 7A3C5CAD716E819CC53405971F3ACD135BCF023EC2228C1095E2116BCC384E62 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
22:15:47.0217 0x1b6c  hidi2c - ok
22:15:47.0233 0x1b6c  [ C4ABE526BBF2A18E8AF70177FBAD9C6E, 4DA06B563A08AC15D949F4599F73F172B3BFCB5D23B34240D1E2114438A11929 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
22:15:47.0249 0x1b6c  hidinterrupt - ok
22:15:47.0264 0x1b6c  [ 348416C7D7EB05BC3099FE2F2B27985C, F30E8682E9DD731A1AD7328FB8A48A2BB7D6E52780AE1FDE839D26E84B4FA7B5 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
22:15:47.0280 0x1b6c  HidIr - ok
22:15:47.0327 0x1b6c  [ 5576DF399CF2D3B63608F7F282151249, 04939E79B8B8035547CE6FFE9001252CA810BAD46D8DB75FF5C13EB10EEB5C57 ] hidserv         C:\WINDOWS\system32\hidserv.dll
22:15:47.0342 0x1b6c  hidserv - ok
22:15:47.0342 0x1b6c  [ 01F732724AF6EFE69886DA95A4E51820, E048A480F9396418BDE9659596E7EDA5FF97D3CE029D186048609B47575BEAE1 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
22:15:47.0374 0x1b6c  HidUsb - ok
22:15:47.0421 0x1b6c  [ 7433A8D28EE11A661C7A45AF28BA7987, 8A73DB423924E84CD3629BF6C7298CD093D2437B73B3F4520D39330923DDA2D6 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
22:15:47.0452 0x1b6c  HomeGroupListener - ok
22:15:47.0499 0x1b6c  [ 3FDBFBE5AE639996EB8D482C16BA7EA9, 7E48304818AABB4C5B0CB7FD32D96D6F90F4180AB0F668A2FE653A7097A40673 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
22:15:47.0530 0x1b6c  HomeGroupProvider - ok
22:15:47.0577 0x1b6c  [ 3844CE7DD23530CAD59D8CABA57CCB05, A44BB60686A0E98FF370D9DED5B32C3F34F0352ACFA3B3052BA4023922B53DB7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
22:15:47.0592 0x1b6c  HpSAMD - ok
22:15:47.0624 0x1b6c  [ CA6EADBB8731CA27BDA4037BF290AC14, 31EC9397D55D4EEC416AD722134E2D6B5D14E46D2150CB94889C4BFDAACBF421 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
22:15:47.0671 0x1b6c  HTTP - ok
22:15:47.0717 0x1b6c  [ 8841D927EB1F7FFC8B1805BC0CF190ED, B063E686380EEF582CF736E33751812F0041C593C7F30EE97D13DEDC9B246AB5 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
22:15:47.0733 0x1b6c  hwpolicy - ok
22:15:47.0749 0x1b6c  [ 53436C3835E80F4421652A67F44D6313, 8731091945A839713348DF3060A4C96033874E2B3DC7E099BEEC8C65B07F98CF ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
22:15:47.0764 0x1b6c  hyperkbd - ok
22:15:47.0796 0x1b6c  [ B2DC6C2F313EBB967B556B4E73A75451, B1816A0AE15705F0325F167EA76166779607D6086EC36A4A960E3BA47B4EBC4B ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
22:15:47.0811 0x1b6c  HyperVideo - ok
22:15:47.0842 0x1b6c  [ D4CDEE4A62BDFFF6E8558A9552148EA7, 55306786CB45082AE374937EBA256FF9CD640BB2E8C19DC6C704489D4743F5CC ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
22:15:47.0858 0x1b6c  i8042prt - ok
22:15:47.0874 0x1b6c  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
22:15:47.0874 0x1b6c  iaLPSSi_GPIO - ok
22:15:47.0889 0x15c4  Object send P2P result: true
22:15:47.0905 0x1b6c  [ F1DF87463AC308047B089E9F0456B4C8, DFFF3C63D3124C2B879B888104042406FE326D4E7C8C1881A269BD4287B9CD33 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
22:15:47.0921 0x1b6c  iaLPSSi_I2C - ok
22:15:47.0967 0x1b6c  [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
22:15:47.0983 0x1b6c  iaStor - ok
22:15:48.0046 0x1b6c  [ 9FDD4763A115D04F565C38183DE4646F, A8B0653E7C5F5B3CB2A1B642F502269FB1BB1E35DBB1CBABDBDADF92C9815727 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
22:15:48.0061 0x1b6c  iaStorAV - ok
22:15:48.0092 0x1b6c  [ 4E69EE8F8E5DA036535D433C544AF9E2, 2ADE9B97CE1C19FF984D8BB99CF31415872C2D9628864BD78C0E44D21CC94EE3 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
22:15:48.0124 0x1b6c  iaStorV - ok
22:15:48.0139 0x1b6c  [ 15C59DF20F74A0C2C764B991FED7F4A5, 6E9804775E815F32A4D73C346E627D64A3096525E78FAE3B6E43CFECAE270428 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
22:15:48.0171 0x1b6c  ibbus - ok
22:15:48.0202 0x1b6c  [ 2268D73AECBE7E5953E2C6169238CCB4, CB07A720047DB2187E6E17BD26408D9F375715D2174CCE4BFB40465831088072 ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
22:15:48.0233 0x1b6c  icssvc - ok
22:15:48.0233 0x1b6c  IEEtwCollectorService - ok
22:15:48.0311 0x1b6c  [ 6F9C31435DD3E3D3BC247212EA144EBF, 05C4A0BD4BABD27783CEFEE6108C1A05911A212189233F09AF1A56BDC60F60F8 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
22:15:48.0358 0x1b6c  IKEEXT - ok
22:15:48.0405 0x1b6c  [ 4B6363CD4610BB848531BB260B15DFCC, 13A8AA9571497086341AC00797EFF212FF76EE62F9CFF758D3C08B377EC7BF04 ] Impcd           C:\WINDOWS\System32\drivers\Impcd.sys
22:15:48.0436 0x1b6c  Impcd - ok
22:15:48.0608 0x1b6c  [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
22:15:48.0780 0x1b6c  IntcAzAudAddService - ok
22:15:48.0811 0x1b6c  [ 498759139F71142888CF7EFA1ABE18C8, 9CD0CD748B143F947B4DEDE39344A8C284717CC8AC97E25827EB73CF10831419 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
22:15:48.0811 0x1b6c  intelide - ok
22:15:48.0842 0x1b6c  [ DC270DDCDDC2EF65D484A65CC5166222, A88BEAD819ABEFE28B6F9A10586ADCB0EE2A5ED9273F176E9313750609C7892F ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
22:15:48.0858 0x1b6c  intelpep - ok
22:15:48.0889 0x1b6c  [ B4D9C777762B1F7356958B9C0AA93BEB, F11B07FE939A107AB4EED4857854DF269C2D86A80C8507C8B1E95F7805975EDB ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
22:15:48.0905 0x1b6c  intelppm - ok
22:15:48.0936 0x1b6c  [ 22BD83268B80A8C89AAC0BDF46E4EB5D, E7DC0C2E4104B51EA545BA8D0CFF11FD6A15BFD8EE16E546E8FC220853402CB3 ] IoQos           C:\WINDOWS\system32\drivers\ioqos.sys
22:15:48.0952 0x1b6c  IoQos - ok
22:15:48.0967 0x1b6c  [ A49E47A6E1429123F46A7CA9C05AEFC1, FFD68CA46DFAA4954FD76145808E2C74BDC34FFD6979BB3FB6A3EE4DC33CDC78 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:15:48.0999 0x1b6c  IpFilterDriver - ok
22:15:49.0061 0x1b6c  [ 8FBA61B7CB44F136226BE3B346FC6D19, 2190A523AC948B18C2C7B6DC96ABB654DAB471AD5E5E13F79899416E91777AED ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
22:15:49.0108 0x1b6c  iphlpsvc - ok
22:15:49.0124 0x1b6c  [ E0C276985AF968CE295B8E09C121321F, 07B54165E80D4254C29A6CF00CC634E70F190EF0EB8EEF73EC14F38B841087A5 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:15:49.0171 0x1b6c  IPMIDRV - ok
22:15:49.0202 0x1b6c  [ 5D3744E6FDEC1A6FB3FA9B1DD4AF0694, 209BE9FC25C8BF8CE058B7E993B6A902B881380DADC69F5208733077DA7F4382 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
22:15:49.0217 0x1b6c  IPNAT - ok
22:15:49.0249 0x1b6c  [ B18202D72C0EF4B53CEC6F59E3E1B955, 6DA244E6485372C16CF0B38838DC90B48079A85F5D22B0F2F197C8DA37F0A293 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
22:15:49.0264 0x1b6c  IRENUM - ok
22:15:49.0296 0x1b6c  [ CD04CBCCCB4C0E4BB06B98E0F45C888A, 106B3E823C188BD14328F2BEA28559D2F637C270064B2FD214522FAC4E616F4C ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
22:15:49.0311 0x1b6c  isapnp - ok
22:15:49.0358 0x1b6c  [ 5D90E942C94B20E0F321015C0ABF3EEA, 4110551B172D4A5524DD857D7CB65FAF2594310BE7883D5641BC0DF5EF49C82C ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
22:15:49.0374 0x1b6c  iScsiPrt - ok
22:15:49.0389 0x1b6c  [ 4192DFE6CA143C0AD8AF42C51A82BECA, 31FB3A261D0D5241CC87EF7DFF8BFC1A1EACE8CEC42138918EC5958DAEE100CD ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
22:15:49.0405 0x1b6c  kbdclass - ok
22:15:49.0436 0x1b6c  [ B63C0DB341DCB46CF7AA259333A737DD, F1B43BA68707F3F99CD31AB2035F5E86CD967AE4E5393928C69861785E960872 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
22:15:49.0452 0x1b6c  kbdhid - ok
22:15:49.0468 0x1b6c  [ 53C79A7FABDAAFD11EAB31963FB2CED7, 357418645DDCEFA5546AE78EDCAE86D50928710CA7A3F65F01CF721AADA36623 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
22:15:49.0499 0x1b6c  kdnic - ok
22:15:49.0514 0x1b6c  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] KeyIso          C:\WINDOWS\system32\lsass.exe
22:15:49.0530 0x1b6c  KeyIso - ok
22:15:49.0561 0x1b6c  [ 1E99B26BDB9B9C9BC775ED4543558560, 890870A6737B4910735D1B23F714AA73FCCD1C131D135FACBA6909F06D31B3FF ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
22:15:49.0577 0x1b6c  KSecDD - ok
22:15:49.0577 0x1b6c  [ 6198A79011C67497B324798B3D4272CE, C587F7D86837550D07918F6AACF26BF65EBAF7FF57475DC9196B4D011E83AE47 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:15:49.0592 0x1b6c  KSecPkg - ok
22:15:49.0608 0x1b6c  [ 503597D9B72DBD9998F722F12A51ACFC, 9B3585282191163AA70243BAD921ED8725A98454E0D3879E0F671E0E4F56AB4F ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
22:15:49.0624 0x1b6c  ksthunk - ok
22:15:49.0671 0x1b6c  [ ED5AE20C27F27F293C6C61AEC9881054, 4D5BE394D129BD559B0A9D237F3F59CB3D24C15ABDD97AE2E64931D6B9D14FF1 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
22:15:49.0702 0x1b6c  KtmRm - ok
22:15:49.0764 0x1b6c  [ C529DA0AD5A21878E318801B024AF8E7, A14E8ADCA33C37B1D256CB4926A19F56D2D19B94EDF314A4ED34A8B5AB62CA5A ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
22:15:49.0796 0x1b6c  LanmanServer - ok
22:15:49.0811 0x1b6c  [ D6D9F4CAFD3F1A7E30AD02E508552CD2, F0D225E5951CFE1D8349F634CC91BDD5B3F9DCF6233CCB965E99BFEAFE642265 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:15:49.0842 0x1b6c  LanmanWorkstation - ok
22:15:49.0889 0x1b6c  [ 24881F16D2829764681F5FAE7B86D7D3, 290348CFAF3165847E4B53965D22E9D417EE20FFD23293B5C1855C57E6328599 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
22:15:49.0921 0x1b6c  lfsvc - ok
22:15:49.0952 0x1b6c  [ 6ED675774BDC3735AB6DA12D29F825CF, 4317C7CF491F4E806975E7A973CFF11CFEE9E94730DDABCC67C3D693691DDDE5 ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
22:15:49.0983 0x1b6c  LicenseManager - ok
22:15:50.0014 0x1b6c  [ DB789F57CE94C827FBFF709CA5ABD29E, 4CA4DD079A63649C36F76A31C4081F11F5CF6574AC573B63EF930DB19B1D1C95 ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
22:15:50.0030 0x1b6c  lltdio - ok
22:15:50.0061 0x1b6c  [ FECBC6C4981772E5D0F517B34A5496EE, 15DB097BFB221B91E580E5CD1DD6B34A9A2C78A1A6FCE4162A855BB4AFE673E9 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
22:15:50.0092 0x1b6c  lltdsvc - ok
22:15:50.0139 0x1b6c  [ 24C87BDC66AB192FEB273BEE5FD5AA38, BFAAE1F2450DEBD1A14877C046C6EBA91014DB0B5D0FB95EC14CB714B773B3C0 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
22:15:50.0155 0x1b6c  lmhosts - ok
22:15:50.0233 0x1b6c  [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:15:50.0249 0x1b6c  LMS - ok
22:15:50.0280 0x1b6c  [ 3BB39166E446D456C277C17DFEA3DAC6, 1A08E1D017BBCE91E508D876835FA7AD2DA0859A8CFE8F8F31B4F12B48E2573D ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
22:15:50.0296 0x1b6c  LSI_SAS - ok
22:15:50.0327 0x1b6c  [ 25CF625E46307A5D6674C8DFA1A289AA, 1D00EB70B6B0157013A7C15EF194F51B8596612066EF31B337D8134D6BD0BBBE ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
22:15:50.0327 0x1b6c  LSI_SAS2i - ok
22:15:50.0358 0x1b6c  [ 722C52B12EA4C198D56994934C9DDAB6, 5F4AB818251C770821BAF41C19B1C483A31CCC28EB96F2084D4092E33EAF906B ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
22:15:50.0358 0x1b6c  LSI_SAS3i - ok
22:15:50.0405 0x1b6c  [ 3371FF1D5D745C3306C6A2C4E99C25A9, DD6F0099001501BAEDDF8411FBCD930BD6472662D209199249203CB2FDAA23FB ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
22:15:50.0405 0x1b6c  LSI_SSS - ok
22:15:50.0468 0x1b6c  [ E2EEF074F5260378F9AAFBCD592319A3, DC56674A08FA03FA7AF7DD8B3CC55D8324D1CB51546092A990A935FF9AB48A3C ] LSM             C:\WINDOWS\System32\lsm.dll
22:15:50.0514 0x1b6c  LSM - ok
22:15:50.0561 0x1b6c  [ C692B9C0352315417CF49FFA664957A3, C2D4F9A936B809889F7C51FE48214A1923175913A6C5D0B72D3BA469214B5174 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
22:15:50.0592 0x1b6c  luafv - ok
22:15:50.0655 0x1b6c  [ 6A4C75FD28F60062FEA3DF3B15D956C0, 4FC58F3320D33BDACCF759A50C623A3E58E4320749E6691B397DF0C8EAAA8A6F ] MapsBroker      C:\WINDOWS\System32\moshost.dll
22:15:50.0686 0x1b6c  MapsBroker - ok
22:15:50.0733 0x1b6c  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
22:15:50.0733 0x1b6c  MBAMProtector - ok
22:15:50.0858 0x1b6c  [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
22:15:50.0905 0x1b6c  MBAMScheduler - ok
22:15:50.0967 0x1b6c  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
22:15:50.0999 0x1b6c  MBAMService - ok
22:15:51.0030 0x1b6c  [ 8F22037D3F5A6BB676525D825A1388B9, 2AAC748D46136DFA1BE45150BF0AB7707D45391CAC1F63B964D341D11B135C91 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
22:15:51.0046 0x1b6c  MBAMSwissArmy - ok
22:15:51.0077 0x1b6c  [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
22:15:51.0077 0x1b6c  MBAMWebAccessControl - ok
22:15:51.0124 0x1b6c  [ B2ED9A7A5587A128A0EFD0DBE7662E95, 63070AAFD44E3CD2A4B262DF27222B103455A4D8C2E45914502BFA03D84D32C9 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
22:15:51.0124 0x1b6c  megasas - ok
22:15:51.0155 0x1b6c  [ 083F71488E6780A67290273180256EA5, 5F43CE66F5A48850BABB70F4D219FDD002F9BC2B2F0E58E66FE2C492AA335E50 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
22:15:51.0186 0x1b6c  megasr - ok
22:15:51.0280 0x1b6c  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:15:51.0280 0x1b6c  Microsoft Office Groove Audit Service - ok
22:15:51.0343 0x1b6c  [ 5907A10D46747A2B6DBFD6A198254DC2, 6C283E9DC75C7ABFD270D6FABBF4F54628A1786E7CE2F603BF664CBB9E4FE583 ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
22:15:51.0374 0x1b6c  mlx4_bus - ok
22:15:51.0405 0x1b6c  [ 91ED6F0EDF4158D63C52194F17D4F42E, ACF543978E253650C167C6C370699AEA7340EBCECF7CAB904CBDD334D1BD6928 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
22:15:51.0421 0x1b6c  MMCSS - ok
22:15:51.0436 0x1b6c  [ 2C4CC9F6ADBED5A6D131FDB97A78FF68, 04DC76E3F0959C0A9B00DF2133B075194FB7DCBD76832B9D25B0E37223D300DC ] Modem           C:\WINDOWS\system32\drivers\modem.sys
22:15:51.0452 0x1b6c  Modem - ok
22:15:51.0468 0x1b6c  [ D8DB13529C8AD6FBAF8E2F382024374F, 13025035C479E2EF76EDCB90D83BE65B4ADD9F7000AD31FEAD628D5DDFE69158 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
22:15:51.0499 0x1b6c  monitor - ok
22:15:51.0530 0x1b6c  [ 2DAAF1EE1C30F2FCF59851A64ADA0422, 08CD801E63E2862DE058CD732C3DB3D87B1A2898732365440E3F8919932E96FC ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
22:15:51.0546 0x1b6c  mouclass - ok
22:15:51.0561 0x1b6c  [ D30FE074503283829ED194BCAE6239C3, A3A127381ECC798417D01F6B8A1894EED7D71989047BC4D1D74D0E7C8394AD65 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
22:15:51.0577 0x1b6c  mouhid - ok
22:15:51.0624 0x1b6c  [ D5EC9413527B286CFEEB0294C53ABB95, B094C611F5A7E33D2F8667B2A4D6260E1D57BD135867F984EE5B674C7EE72B95 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
22:15:51.0639 0x1b6c  mountmgr - ok
22:15:51.0686 0x1b6c  [ 63282F5EB7E5BFB58FD1EC93C6ADB457, 25096C4AE319E854153C75DCEC0A67A63F6B05FDD0B49D4D373724B3BF55D665 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:15:51.0702 0x1b6c  MozillaMaintenance - ok
22:15:51.0733 0x1b6c  [ 989A1BBD9C49B107B4A47D06E6827A69, 62D90B22AE13AC84324DFD5FEBA595813AD07469B7FEC41380CE223D93020CCA ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
22:15:51.0749 0x1b6c  mpsdrv - ok
22:15:51.0811 0x1b6c  [ 51D4584BC245AF1B679CAF01669ACE23, AA0BE0D216A00113F5C07DD95CBC15C4448BF2CBD4954CF16D1E9689455447DB ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
22:15:51.0874 0x1b6c  MpsSvc - ok
22:15:51.0936 0x1b6c  [ 5B37FDC07159FE9F5F52399F7D78F60B, A0C20EB9A7918395A13A5E21917887DDC9897C475D33091B518354163CAE108A ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
22:15:51.0968 0x1b6c  MQAC - ok
22:15:51.0999 0x1b6c  [ C1E74DD1D84861D8F12FF8BC0BA11975, 5912A0455C840F5C8AD6383823C9C7DE6FF8B5CAF1B72EA181864999891EAF30 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
22:15:52.0030 0x1b6c  MRxDAV - ok
22:15:52.0077 0x1b6c  [ 1DF2C5FD2710A13B07E663A12F0E0EEA, 8EBCA9269F52A5CF602F5DE2B0C2AB2BFD82F415465DBB74C73D43F321D9FD46 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:15:52.0108 0x1b6c  mrxsmb - ok
22:15:52.0124 0x1b6c  [ 185932B1149BD707F8A13174CDAB365B, BC26CB10DD6E81A94477564444E91F76D47E685E897BD77B9C1393F0D31AB718 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:15:52.0155 0x1b6c  mrxsmb10 - ok
22:15:52.0171 0x1b6c  [ 99E24D4DBACBC569833B9A67710D65E7, 93BC765E7B6E19E83AFF783DE8080A80A1D69A406B496F1E36C47AE6E86AFB76 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:15:52.0186 0x1b6c  mrxsmb20 - ok
22:15:52.0218 0x1b6c  [ 6F8BE4FB6262012E61BBADB5444628DC, E87489207AA48106C08E4BADDD8D66D14BC9DD6AD2A4CDD880BA655932CDDE60 ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
22:15:52.0249 0x1b6c  MsBridge - ok
22:15:52.0280 0x1b6c  [ 283BDF3602F442336DAF242BDD07FB98, 185F046B6AA24FFD1567F00AA70357C82002FF627E329CEF9B926645A6DDB172 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:15:52.0311 0x1b6c  MSDTC - ok
22:15:52.0327 0x1b6c  [ 7C55F1751CAC199680D4489D1EE46544, 967EC8137D321F6139C3382D19A338FD97A3023EB654747AC57C2008BE4AF677 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:15:52.0343 0x1b6c  Msfs - ok
22:15:52.0374 0x1b6c  [ 988588C16A53C2581488C15FF18934BF, F021FD31163CB5C7012CF96EF642C5E551708C835039075268F4CBED002D441D ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:15:52.0389 0x1b6c  msgpiowin32 - ok
22:15:52.0421 0x1b6c  [ 09622DBC24D0178F15DB8461BB6970DF, C0B3F9B2219AAF87E417EE9FF54C64B8AD9944E101EA79B5DC81D99E8C2ECF30 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:15:52.0436 0x1b6c  mshidkmdf - ok
22:15:52.0468 0x1b6c  [ 34BB07495C0159BE4189841E16F3BC2F, 264B5735D9A68C85BEDE363D4C0AE1FCC381B39EA884B4BAEE185EB8A873184A ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
22:15:52.0483 0x1b6c  mshidumdf - ok
22:15:52.0499 0x1b6c  [ 7BF3F0DA362C053918F5F2EC43CE39E2, AA773FA3F83C0C572160D3D0286A697DC628FF4F3655EF21D01C6D1B7BE5DF1C ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
22:15:52.0514 0x1b6c  msisadrv - ok
22:15:52.0561 0x1b6c  [ 669DA2006C0B9D882D2014617E1E88F5, 090F558818806CAEF6C81D369F8BFFE4A8240295EF37CAA7102A18F4CD20D868 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
22:15:52.0577 0x1b6c  MSiSCSI - ok
22:15:52.0577 0x1b6c  msiserver - ok
22:15:52.0608 0x1b6c  [ B2D0FD21FE67D6434769CC6F7A7883CA, B2368BD72952C6EE6DAF1AA006DF575A3019E4721BEFB108D3DF1B9E07B2BC5D ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:15:52.0624 0x1b6c  MSKSSRV - ok
22:15:52.0640 0x1b6c  [ FB3801F176376286A3F8F20FFB8CDC53, EEF89081665B9BBA93AE9F5912C40C1698E8BA8DBBCCC3BBE0BAB5A86B7E05D4 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
22:15:52.0671 0x1b6c  MsLldp - ok
22:15:52.0702 0x1b6c  [ 85EBF0A28B8B132B67C84C6CE5EBAC29, D0012CF4822A3D16F7BF61C94C5650DC1ED310A0DD1A3333465D28C73D40ECDB ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
22:15:52.0718 0x1b6c  MSMQ - ok
22:15:52.0733 0x1b6c  [ 8CBDF0E7A6CD824352F37A682A33DF7E, 4567FF4C73648FF26EA68EAE2B524B767099789086C158875C97768C77B81359 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:15:52.0749 0x1b6c  MSPCLOCK - ok
22:15:52.0765 0x1b6c  [ 33E5B6261D69ACD4948A5C64B9D8F29F, 1D32340640312372E52E59AFB5DB872E6F9DFE3AC16B56F9D928AE230DA02B8A ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:15:52.0780 0x1b6c  MSPQM - ok
22:15:52.0843 0x1b6c  [ 557DF8C0DBBBF518AC395C6EB1B179AE, B294B5A7882C0C60D91FB853FC87505B6E7638D25E360FDAE002AEBB714ED471 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
22:15:52.0858 0x1b6c  MsRPC - ok
22:15:52.0874 0x1b6c  [ 0A29AFA668F5DD50482A98ECE70C77A7, 4C1F23B062361D97B1C8D864AB227E5F398F774A99B5E60A1149A4F78D5BEC20 ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
22:15:52.0889 0x1b6c  mssmbios - ok
22:15:52.0905 0x1b6c  [ 30CE30877FD5BFADE74FA27D7829BF89, B5EA1F8C91E75722DB1E3E2172C8607FEDBF35BDC4141258A3E6D29D8B0E193B ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:15:52.0921 0x1b6c  MSTEE - ok
22:15:52.0936 0x1b6c  [ 13D88C0B8A2FA001CD72D454955A6974, 19DD5C8BBD07B64F355737436BF702FFC209D84A8855D2224D3377E233D4BB34 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
22:15:52.0952 0x1b6c  MTConfig - ok
22:15:52.0983 0x1b6c  [ 00C7F0F06A0A48B9CDB6B3AC3BE288F0, BF469A2DDF495ACB9FEE9063C6680C95BCC8686682C9EDAE6D1893D4058E8AA6 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
22:15:52.0999 0x1b6c  Mup - ok
22:15:53.0015 0x1b6c  [ 8E237527CA260C71D39ED4081BDF3419, CA52DD174C756A404B1FAD3F2A70E50085C2820BF12369259F61DA649101A179 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
22:15:53.0030 0x1b6c  mvumis - ok
22:15:53.0030 0x1b6c  MWAC - ok
22:15:53.0108 0x1b6c  [ 48D0587A8302FD3302CFE6F59F7345B0, 26D48AF3F7FF4867E179347CD635055DEA9A751C6C61CE2C391A7F74FC0DC1DE ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:15:53.0155 0x1b6c  NativeWifiP - ok
22:15:53.0186 0x1b6c  [ 11BE8117653C542D264788A700AC5BFE, 87EAAC2DF62BB26619DA72950F5EE41DCA1DBDF93F098647F9D200D588F14003 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
22:15:53.0233 0x1b6c  NcaSvc - ok
22:15:53.0264 0x1b6c  [ 286C6276B2BA86F29A0F687D05466277, AC8551536F37717A0ACE4A260F5696D1276F7AC62F669E8F12AA158DD86F71A5 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
22:15:53.0296 0x1b6c  NcbService - ok
22:15:53.0311 0x1b6c  [ C55DA734ED2A831E0BACAAFA01CEB7FF, 9D989B03D07BBAD287B317D238691664B0694331D6A69B7A1AA3D8AB7D1323FC ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
22:15:53.0327 0x1b6c  NcdAutoSetup - ok
22:15:53.0358 0x1b6c  [ CF8296427834CF8BBB3EE1444C17362D, 6EFBE1F015DFFA0704C66DF5C88089DD5771E1542018E4AE98389CFF3D0B2309 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
22:15:53.0374 0x1b6c  ndfltr - ok
22:15:53.0452 0x1b6c  [ D43EAFF4887321A07D9F9A9DD7225E07, CF29073BBABE12D56744B041118F15C6C08CB89EF12413E359A6875C90FA383F ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
22:15:53.0499 0x1b6c  NDIS - ok
22:15:53.0530 0x1b6c  [ A0719D1EBA971DFC5DF5F7CC010385F8, A982487D3A74E66F3C29AAA5B46CE9A0969F07F267DDEFE58C58573573AB0024 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
22:15:53.0561 0x1b6c  NdisCap - ok
22:15:53.0577 0x1b6c  [ 0C557932CCCC65AEB37326DD36504527, C0AF3066DEE4BCC32DB30CCC16B7A91442A8383BB36C7C4E3CC0A5EFE0FAAA9B ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
22:15:53.0608 0x1b6c  NdisImPlatform - ok
22:15:53.0624 0x1b6c  [ 56F9345D1945826135FBAB7589592B1F, 6BC2A5900076B917823C7392C582A2648D0C8000F2F65D309D5B48E36D4FB4D6 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:15:53.0639 0x1b6c  NdisTapi - ok
22:15:53.0671 0x1b6c  [ AADFC340939D99E5D756E713E1D452EB, EFEFDBB2188DE82C2C5E67929861B269FD4C127D34D1DE6D0596ABC33E2C2B51 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
22:15:53.0702 0x1b6c  Ndisuio - ok
22:15:53.0702 0x1b6c  [ 312DFD787D99D3BF1427B0388BC04F71, C082CA1F332AD57FF2100748518D3D7B3D0F1B042F69BD7401C44B77AFE97462 ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:15:53.0733 0x1b6c  NdisVirtualBus - ok
22:15:53.0749 0x1b6c  [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
22:15:53.0765 0x1b6c  NdisWan - ok
22:15:53.0780 0x1b6c  [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:15:53.0796 0x1b6c  ndiswanlegacy - ok
22:15:53.0811 0x1b6c  [ 6E98F16983C4AE8703FF9F90AB4B31DD, BB8BD5DB4B5FB31F3A257747C27CBEFA4B7837EC5C0CF3D4F408E626E4003F4C ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
22:15:53.0843 0x1b6c  ndproxy - ok
22:15:53.0858 0x1b6c  [ F1B7CC77F412C8D45B2DDCF76EDA4F9D, 25F2AA76E675D9BCC0B1FD47AFEC6DF2D0B47E7B1C8AF6FB27C1ED2FB902961A ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
22:15:53.0889 0x1b6c  Ndu - ok
22:15:53.0921 0x1b6c  [ 824FDC990A3F79069BE468A132EB6888, D09F7A9EC04E37DA504CE54EEC25C312B407B6A8B214CBB074BEB50DE420F52A ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
22:15:53.0936 0x1b6c  NetBIOS - ok
22:15:53.0952 0x1b6c  [ F0D791348AD254360CC3C3E501CCB745, E4CAB4D3C2CD3169731283B00DEBFE26438BB66A3F0D78BDB68E876A14FC7070 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:15:53.0983 0x1b6c  NetBT - ok
22:15:53.0983 0x1b6c  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:15:53.0999 0x1b6c  Netlogon - ok
22:15:54.0046 0x1b6c  [ 7C8A7380CBE45DFD3DF118D8601499A7, C137280B7696F8CF4258BDC8B241C66BB3AA5708C5410D85255E46C7E8284826 ] Netman          C:\WINDOWS\System32\netman.dll
22:15:54.0077 0x1b6c  Netman - ok
22:15:54.0171 0x1b6c  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:54.0186 0x1b6c  NetMsmqActivator - ok
22:15:54.0186 0x1b6c  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:54.0202 0x1b6c  NetPipeActivator - ok
22:15:54.0264 0x1b6c  [ BBE9D72EFC7BD66B28309C3607683DBA, FC372EFBC650CE0BDB117858D840A1FB361947B1C67D1DD16BABA95D0286856A ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
22:15:54.0296 0x1b6c  netprofm - ok
22:15:54.0343 0x1b6c  [ 24B38B871128BB08849701CEA722DA1B, 7E62AE8570E7DE83F79012B4D1492DD03496C0678F0BD98DC9C0EFF66D1B8D13 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
22:15:54.0374 0x1b6c  NetSetupSvc - ok
22:15:54.0405 0x1b6c  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:54.0421 0x1b6c  NetTcpActivator - ok
22:15:54.0421 0x1b6c  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:54.0436 0x1b6c  NetTcpPortSharing - ok
22:15:54.0483 0x1b6c  [ 46E862DA2CF8F351375EF537276B69B5, AC0FE0977E56380849DCE668AC0F5AF183AAB115ED84ADD964E390CC0BEDF6D3 ] netvsc          C:\WINDOWS\System32\drivers\netvsc.sys
22:15:54.0499 0x1b6c  netvsc - ok
22:15:54.0546 0x1b6c  [ 88CE4AC85F36B6347C1D820FA373B998, E10B5DF8883928A2062FC6180DE4CF0DE33C68622C2E3E4E1AFC56A0682F8E75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
22:15:54.0577 0x1b6c  NgcCtnrSvc - ok
22:15:54.0593 0x1b6c  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] NgcSvc          C:\WINDOWS\system32\lsass.exe
22:15:54.0608 0x1b6c  NgcSvc - ok
22:15:54.0671 0x1b6c  [ D5B50FCE0B749FC82BD8FD3A79FF623E, DB5E21011E020C08A5BE2B250BDEF9ACEA9891D6B7022BB9AAA5C6B92A4C87F8 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
22:15:54.0702 0x1b6c  NlaSvc - ok
22:15:54.0733 0x1b6c  [ 41557BE174E9EC6AC703A8A4ADBC6650, 8CF6DF3FDC3C7C44B32851538A67BF86A54AB6444A424D7A20B7A9A94B4158D8 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:15:54.0749 0x1b6c  Npfs - ok
22:15:54.0765 0x1b6c  [ AC3F70FCFBCE97AA2F12BA43EE13B86E, D0AC50FB022C0F3031531CEE210D47FC3244C6FB55FAAD4AAB04081F0A21DAE4 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
22:15:54.0796 0x1b6c  npsvctrig - ok
22:15:54.0827 0x1b6c  [ 0AF4872D3D6FD3A030E836DAC2B3EF2D, 03EE7B6FAFC0BB5C26793BC5FF8BD1019AC96B3104688009C1E062C3F4F34D6D ] nsi             C:\WINDOWS\system32\nsisvc.dll
22:15:54.0843 0x1b6c  nsi - ok
22:15:54.0858 0x1b6c  [ 66A98C407085B8920DF1E6D722F1ADB8, 3FE307E4A9E41B08E0453507E50D6D0C67FA6F4245A863D90181463C749C83B5 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
22:15:54.0874 0x1b6c  nsiproxy - ok
22:15:54.0968 0x1b6c  [ 466EC5659C02ED53DBD47DC1BC2B8086, 1F35DE75386F7D029C01D67B09D5E5157141C6892858885C11972CE73D6078AC ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
22:15:55.0046 0x1b6c  NTFS - ok
22:15:55.0077 0x1b6c  [ 383E546EF4982262A0EF6CC2B6E9D525, 3C6C90B62E8EB094E6928C388E5081A3F73DF87B0F34F716B72EA7B6EF71FBB7 ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:15:55.0093 0x1b6c  Null - ok
22:15:55.0124 0x1b6c  [ 466F875F1D4C6ABB46AF28007009237C, 26F5A5579737A7CF2267F79DDE5A551149C682D5FD24663B53FCEC5AA6B448CE ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
22:15:55.0140 0x1b6c  nvraid - ok
22:15:55.0140 0x1b6c  [ 76F19EAE7A52CBAF7B8EC428BE6E0DA0, CF1E55D92FA32744A20AB75D466A3E05E6FACF4694F9265C41F5C27C1E7243DC ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
22:15:55.0155 0x1b6c  nvstor - ok
22:15:55.0171 0x1b6c  [ 0D0CB77D74B38E0EC62341C19E469D8D, A05D3CC67FEEB2FD219BFAA34BF98CB3F3718042124AF28F0E9FDFB9F132DD76 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
22:15:55.0186 0x1b6c  nv_agp - ok
22:15:55.0280 0x1b6c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:15:55.0296 0x1b6c  odserv - ok
22:15:55.0343 0x1b6c  [ EA3FFE8617B9FCA1620AD9876E92F4F1, 68D5143CA71D10A2BB44E29B3C76580596669D0624076BCF6CCBA7AF3140538E ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
22:15:55.0374 0x1b6c  OneSyncSvc - ok
22:15:55.0452 0x1b6c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:15:55.0468 0x1b6c  ose - ok
22:15:55.0702 0x1b6c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:15:55.0827 0x1b6c  osppsvc - ok
22:15:55.0874 0x1b6c  [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
22:15:55.0905 0x1b6c  p2pimsvc - ok
22:15:55.0936 0x1b6c  [ 3612CE3432E0A2BE0081E6B488ACF84C, F1A641735FD374CA293FB98FADA2C41E2033B17FECCA3B6D225D0E591AFFF413 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
22:15:55.0968 0x1b6c  p2psvc - ok
22:15:56.0046 0x1b6c  [ 38F1AE32339731F6E5A7281AE8042545, 308954518C45D29FC199525F0CC7FE4EA805322EC0B871DDDCBEEC15355514C8 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
22:15:56.0061 0x1b6c  Parport - ok
22:15:56.0093 0x1b6c  [ 707889D2F95AAE8C9DD254D8767AD908, BE7BD94728D7629F8B7567523FFB42B8979941CEA2EA03E11BFCD51CF119FC27 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
22:15:56.0108 0x1b6c  partmgr - ok
22:15:56.0155 0x1b6c  [ A09B0D8F9F0FC17EBCE6481AC9FD5CDF, 8E8D68992D98CF3DBC4B70C7902B3EC28A1E2DA8D4DB38F0AD9D52B1A5A1D40F ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
22:15:56.0186 0x1b6c  PcaSvc - ok
22:15:56.0233 0x1b6c  [ 2834089EA4E550FF3B96E61FB4AA34ED, D25DAB47F9778675E984E0738D2014024C2758D52D7E071167A12FF466B7898E ] pci             C:\WINDOWS\system32\drivers\pci.sys
22:15:56.0249 0x1b6c  pci - ok
22:15:56.0280 0x1b6c  [ 3D587E4295B11B8480F7ACB09A89D718, 8C3BD62B3451E1B2E7197EDAE381785406DF86C03BEEC486602C642FDD37DBC1 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
22:15:56.0296 0x1b6c  pciide - ok
22:15:56.0312 0x1b6c  [ B8F07002B5F1DA23CFF979C2806B09F3, AD5C589A02BB8185AA070420BF30E78BC8BE3C6F9B0F66319A8CA05B70A5ED32 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
22:15:56.0327 0x1b6c  pcmcia - ok
22:15:56.0343 0x1b6c  [ FF588077D0C6AC2EA3FCBF1903CE08D0, 64BE1646FB6D8CC902B6F386255F7C0420E3C334E14DECD527DD541B43A1DCD6 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
22:15:56.0358 0x1b6c  pcw - ok
22:15:56.0405 0x1b6c  [ 5A4426450501534666F9E6157E258A0B, 2735EE7C5581D2FF5454662623BE94D08043C894580D540F0E5D3E21C7D7EC45 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
22:15:56.0421 0x1b6c  pdc - ok
22:15:56.0468 0x1b6c  [ 688F47C342E1BBC87A48AB71D316233E, CE99AB67C7E7A11AC69C2F4513AEBDACA385BA7F8CC49BE6313CE04ED404A0E7 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
22:15:56.0515 0x1b6c  PEAUTH - ok
22:15:56.0546 0x1b6c  [ 189265498945593D5256CFF7FEBB9665, 9CB88CC3C726BFE6EDCE8D9E4544306AACD3FB9E969E3A438D9FD533F25C1281 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
22:15:56.0561 0x1b6c  percsas2i - ok
22:15:56.0577 0x1b6c  [ 9B86965114F6831A5130EFE6657B17D9, 4C5B657DB9A9F96BFD3EAFA756ED60D911EB58857C439F5FA6E495A473ED1145 ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
22:15:56.0593 0x1b6c  percsas3i - ok
22:15:56.0687 0x1b6c  [ 8A5A52C855FB5BFEF019AE9938AEA8AE, 77CB8A09B209DB5895319BA9D073A67148926E22C47836343050DFC178AFAEEE ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
22:15:56.0702 0x1b6c  PerfHost - ok
22:15:56.0749 0x1b6c  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\WINDOWS\system32\DRIVERS\pgeffect.sys
22:15:56.0765 0x1b6c  PGEffect - ok
22:15:56.0812 0x1b6c  [ 42172DDE99D9F2AB3B0739506699A566, 6B0FAD656A24787E9429EA89F7DC03CC535D8E5D093378F93164ECADCEE5CFDF ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
22:15:56.0843 0x1b6c  PimIndexMaintenanceSvc - ok
22:15:56.0952 0x1b6c  [ 82FDEC2A262728F62F2111A84CC04B16, A1FCE38D4F55F10BB9B3BFB7D9E3EF7C27D499D9C8882218C8A9A73487798188 ] pla             C:\WINDOWS\system32\pla.dll
22:15:57.0030 0x1b6c  pla - ok
22:15:57.0077 0x1b6c  [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
22:15:57.0093 0x1b6c  PlugPlay - ok
         

Alt 23.04.2016, 21:18   #5
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



zweiter teil rootkit

Code:
ATTFilter
22:15:57.0124 0x1b6c  [ F1E9C35A8DFD4D64382CFB9019A950F9, 24E0381C6909F9876D6DC4697DC6405FE18DF91531891B2CCA6DB0191B9C6DF4 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
22:15:57.0140 0x1b6c  PNRPAutoReg - ok
22:15:57.0171 0x1b6c  [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
22:15:57.0186 0x1b6c  PNRPsvc - ok
22:15:57.0233 0x1b6c  [ 62C0BD179961132EF2C5B952210C11F5, 2473FBB3619D0DDA229D4BEC30CEFE7497C27ED3844A5B7655F6F2D328FEAF61 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
22:15:57.0265 0x1b6c  PolicyAgent - ok
22:15:57.0280 0x1b6c  [ 6390391EDFC43DD11CE9E6AADCAC20EA, C8BC222FFBB9E47489D16BB5248E0E2E594011C46CFF71F5DBCC4D5CC6788098 ] Power           C:\WINDOWS\system32\umpo.dll
22:15:57.0296 0x1b6c  Power - ok
22:15:57.0327 0x1b6c  [ 1433EB7908E5E1E20FFD50E4126C3484, 34D81680C8F2F2C5892FC0E0A6DFCBB241AFF493267A1FE182ED28AE9F712456 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
22:15:57.0358 0x1b6c  PptpMiniport - ok
22:15:57.0530 0x1b6c  [ 12E2582F69ACA40A6BAE91DA578CBF34, 648C6394763906AA4163976DA2C3308F8B706486D9D8F16258CB1D61C2929930 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:15:57.0655 0x1b6c  PrintNotify - ok
22:15:57.0686 0x1b6c  [ 22DE54C3974E4FD98F61D095C22C59B7, 64E78D6DEC4A28ABB0A23F2CF078459D81796EC79235AE45976ABB4F72B1D1E6 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
22:15:57.0702 0x1b6c  Processor - ok
22:15:57.0749 0x1b6c  [ 27D0B024BB356C6BEB1214B61E47DE02, 8CBDD62E243CC652F2197AE83DEDD21D91D2792558A6D7D1CC680B37607DEF4B ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
22:15:57.0780 0x1b6c  ProfSvc - ok
22:15:57.0796 0x1b6c  [ EDD52C352CBAAAD13FD7BD5DCEA309B3, EC7D294B23FD5C309E5C4C455896937B85DC615E1B36C9F8F3BDC90E75EBF9CF ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
22:15:57.0812 0x1b6c  Psched - ok
22:15:57.0858 0x1b6c  [ DD3FF2053356D11C785999BBC633F3E0, E9A5B7C657F4523E5DEF7AEE7ECFCC94E911FC65F1D491BEF01239F357B8D8E0 ] QWAVE           C:\WINDOWS\system32\qwave.dll
22:15:57.0905 0x1b6c  QWAVE - ok
22:15:57.0952 0x1b6c  [ 51590F442C6E5D43244BA30DDB0CE79D, 9C7FD0A19753C13FD4A27EBFD60703A2414D5A2F6F451F0B32769C8D7C953980 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
22:15:57.0968 0x1b6c  QWAVEdrv - ok
22:15:57.0983 0x1b6c  [ E951E70019865B06126AF850BCCA2026, C590DE38C7603149AFA0271D57EEBAF956F18F50584FCF04BC2C8D8CEC5C5932 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:15:57.0999 0x1b6c  RasAcd - ok
22:15:58.0046 0x1b6c  [ 0BF8607133AE264BC3C41A5BAA5FFB7B, 9A4F6AC6013AB5C2A99BCFC2CCF161DD225DE8D85D61579655ADBF04A4383A61 ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
22:15:58.0062 0x1b6c  RasAgileVpn - ok
22:15:58.0108 0x1b6c  [ FE0976379F9E7DB6F7945FCEB88C7E29, BA331CE55C02E86478714DA87FAC547B50D53BC7D02BCA5A64D484DED44BFAA5 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:15:58.0124 0x1b6c  RasAuto - ok
22:15:58.0140 0x1b6c  [ CA60F6C03611AF1710BC903ED9F566FB, B5C9E8BAC631738761E11168AB68EB1ECC5EC96BF9A8248B9127DCF744CA4691 ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
22:15:58.0155 0x1b6c  Rasl2tp - ok
22:15:58.0202 0x1b6c  [ 586A17C10D417D889F1FF7D8636E2F34, EEDA4EE8D2BC5C8C7756AB79F1F19AF8B1C4057996748FAE4E3F37844DB0EB33 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:15:58.0233 0x1b6c  RasMan - ok
22:15:58.0265 0x1b6c  [ E5FA41160F5A3D78D8F7765E5C5F6BB0, 31BA423FFFC3206717DC34B482149421EE28B27A4A3BA2DC78C3B3A9EE0C1365 ] RasPppoe        C:\WINDOWS\System32\drivers\raspppoe.sys
22:15:58.0280 0x1b6c  RasPppoe - ok
22:15:58.0312 0x1b6c  [ DF0834AE921E633E05D1FDC55C318957, 851A00961224DACBEF9DA427122F6B4B73BB99849D5ECB55DBBD311B2EA84C33 ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
22:15:58.0327 0x1b6c  RasSstp - ok
22:15:58.0358 0x1b6c  [ FC9B7AC6E2B837EF7CD6C64F7068D41D, 9B0DD842033E82BC7EE80416A62B084BF5200923EB7A6C80415BB28004E9B5E3 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:15:58.0390 0x1b6c  rdbss - ok
22:15:58.0421 0x1b6c  [ FB7375657F8A5932C35EAA45E9B4B416, 99594708BFD6DC9F8CECBF092058D4D0D4F1BC3204E86F9FDAD5207ED5ECF194 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
22:15:58.0421 0x1b6c  rdpbus - ok
22:15:58.0468 0x1b6c  [ A32AED8C644734B283A7C9D08D76064D, A12F67C57E43B6A2FE6449EA3822B1108FE70C66AF9911798777F85D760E384C ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
22:15:58.0499 0x1b6c  RDPDR - ok
22:15:58.0515 0x1b6c  [ 37CC7E41243EFBB4FBC0510E5CA32A02, 634E2F81D61F937F30E5ECE01FB581E090C6DA073EF7B1A3F6083ECAF363CB46 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:15:58.0530 0x1b6c  RdpVideoMiniport - ok
22:15:58.0577 0x1b6c  [ DAF957B25A35757E9D814611FAE8FE3B, 5244A427B2DEB5349B9F336A4A39A6834A6E8118A8EDA00738C6CE09F2452C24 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
22:15:58.0593 0x1b6c  rdyboost - ok
22:15:58.0655 0x1b6c  [ 2C72E029C153D25325CA182A669E4ADE, 5CE0E04A6B53A1F11E8159DFD1E59F2AE6631E3B5BD27BAAEC4A35BC02A55722 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
22:15:58.0687 0x1b6c  ReFSv1 - ok
22:15:58.0733 0x1b6c  [ BABEE4A896D005BD0D205F1C932DA25E, 269FDF65BE3A226FA2A5CA25085366E32ADAD30A020484FE844962E8C61CB1D2 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:15:58.0765 0x1b6c  RemoteAccess - ok
22:15:58.0812 0x1b6c  [ 066062967A77867BDCF665960EFDAD32, 68143DBDFA7C68786C22F5CC4E80200255C663A844069C080E7816F423ABB1F4 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:15:58.0827 0x1b6c  RemoteRegistry - ok
22:15:58.0905 0x1b6c  [ B0511B21366DA51DB2D7813B7E76D776, 99D7FCC6B0DDF9EE475252966BA5F926C9FE9856EB72582473CFA573F4B9DD96 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
22:15:58.0968 0x1b6c  RetailDemo - ok
22:15:58.0999 0x1b6c  [ 67E83C0C9A2B5ACEE9EF690E6B7E9189, 63D2A73B2031B52C66EF0455393BF05C55F9F7B0B9E48C54A39E547D46E090F6 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
22:15:59.0030 0x1b6c  RFCOMM - ok
22:15:59.0062 0x1b6c  [ 6451FE42C35FDE3862D99579444F4A8F, BD56A1120AACF6143E6EB739E12BEE86DF142F1159865608BDF1BBE54B66AFCE ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
22:15:59.0077 0x1b6c  RpcEptMapper - ok
22:15:59.0124 0x1b6c  [ F24131EAD1D0B73463052BB042A37B6C, 43B5772310B200DF1914C8E4D10401A0BCE9082BDEAC34736AFB2920B39D7956 ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:15:59.0140 0x1b6c  RpcLocator - ok
22:15:59.0155 0x1b6c  [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
22:15:59.0202 0x1b6c  RpcSs - ok
22:15:59.0249 0x1b6c  [ DC66C1D262D64E30A30B68E9F21AC74B, A5ED3D31BCD68DBC00A956787517ACA167C86F5FFDAF7C9A85505FA2B705C6CB ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
22:15:59.0265 0x1b6c  rspndr - ok
22:15:59.0296 0x1b6c  [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR       C:\WINDOWS\System32\Drivers\RtsUStor.sys
22:15:59.0312 0x1b6c  RSUSBSTOR - ok
22:15:59.0374 0x1b6c  [ 952209B8749D7AB91D5BB95665C5D13E, B7E6D7293A2D2B7492FD240E52E041E0BA4818F99FEBB3C6B718C1871D190E26 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
22:15:59.0390 0x1b6c  rt640x64 - ok
22:15:59.0452 0x1b6c  [ 4E821C740A675F6D040BE41D59A62B1D, F09A0247DD21580AEE268FB88371D581B6383FC354B5FBBD147E5338BF7681A4 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMIVX.sys
22:15:59.0452 0x1b6c  RTHDMIAzAudService - ok
22:15:59.0483 0x1b6c  [ 88F7703F2A4677C828124AE2110D3EBC, 529F6A5815806F2EA2235802BD28AF8D7A40E7799356BD3EC337C9E71B6B53E6 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
22:15:59.0499 0x1b6c  s3cap - ok
22:15:59.0515 0x1b6c  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:15:59.0530 0x1b6c  SamSs - ok
22:15:59.0562 0x1b6c  [ B467E932FE4E16E201DC7E56870CB559, 6FCE9A2DFC5D222BBEA4AA271A17B830FCF8EAE44B07BEE5FF34AE50CABCBB6A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
22:15:59.0577 0x1b6c  sbp2port - ok
22:15:59.0624 0x1b6c  [ 3E115C63649402D321D396F8D606C9B0, F4BA7FE0E89D563A57B6865E4CF1334998987D11A0D70FF7491726A507B40DF4 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
22:15:59.0655 0x1b6c  SCardSvr - ok
22:15:59.0671 0x1b6c  [ 67EFFD3D1BB6D2B67DF7F8FDCB1A51FC, DE41539FAC730F5CFF6C8754ECFF1253AFDC1C86743AE71B61D716B7A84E85FD ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
22:15:59.0702 0x1b6c  ScDeviceEnum - ok
22:15:59.0733 0x1b6c  [ 31DDA0716EC265CA57DAF9D2295FD76F, E6F39C1B3CF81918277DB8C6E3DF9A82812E1C9063DEB1FB85FE433DC9A16CBA ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:15:59.0749 0x1b6c  scfilter - ok
22:15:59.0812 0x1b6c  [ 2EA574C3DCFCD47502946B85B342AA0C, F6DA375BE13FBCF20755C766E19159CC44A0B16163CF297B8AE49DD0602AEE73 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:15:59.0874 0x1b6c  Schedule - ok
22:15:59.0905 0x1b6c  [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
22:15:59.0937 0x1b6c  SCPolicySvc - ok
22:15:59.0968 0x1b6c  [ CC41D16FB823F9BE167BE773F225CD1F, 97020D419CFC161A4EEF238F8580ADC2D026221217BF41728C54F52ACDBB9FCB ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
22:15:59.0983 0x1b6c  sdbus - ok
22:16:00.0015 0x1b6c  [ A906C527B838A4922611C63EBD250F91, 6BB0054A9C2408138BDF49D834FF99B5B9764E7747ABC15016F54FBA1D28394F ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
22:16:00.0060 0x1b6c  SDRSVC - ok
22:16:00.0082 0x1b6c  [ F4BF50A7D16A97A887BFA0F193693C42, EEBF5AAC149C72F490BAC954B25BB6882B10FC38F93CA4F4829A06702B1ECEF9 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
22:16:00.0100 0x1b6c  sdstor - ok
22:16:00.0132 0x1b6c  [ 648A299839E8F48A946C41DE270D28F5, EEC9A5FCBE3FF78FB5E0452FF1932A8B0C7399688041E22555703CB1977A4428 ] seclogon        C:\WINDOWS\system32\seclogon.dll
22:16:00.0156 0x1b6c  seclogon - ok
22:16:00.0172 0x1b6c  [ 29452A9DA3E3482F0C2963312F979053, E1782D36C336C4B4C261AD665C1E9051905AA86020E08FC94069972AF4C4DB4B ] SENS            C:\WINDOWS\System32\sens.dll
22:16:00.0188 0x1b6c  SENS - ok
22:16:00.0266 0x1b6c  [ 919BA7E3054E4F1D61A3524ADCE6A970, 3C382673DF5AF2F38A5AE4A268F5856B0CC9E65D52213DE6D2C06E252753B73C ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
22:16:00.0328 0x1b6c  SensorDataService - ok
22:16:00.0375 0x1b6c  [ 01C2EEA7870FE26A4A6CCBA5421CC7E5, 9E643AB6BCBECE4F2A5FD4C96547A4E3F2BDFEFC5FE24B802467718EC69929F8 ] SensorService   C:\WINDOWS\system32\SensorService.dll
22:16:00.0406 0x1b6c  SensorService - ok
22:16:00.0438 0x1b6c  [ D2FEE824B4AA0BE377F1353E5F915BF4, 00D754C62F3482BBD0EA72C896139C39D15192B2D9FCC7B755D1FB9DF9FCFD9B ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
22:16:00.0484 0x1b6c  SensrSvc - ok
22:16:00.0516 0x1b6c  [ 9DB0BBE3ABE1F49651AE51EC5BCABE58, 0B46C1F231F41766AB73EE7E9834D3CDACA602D12E702D9277E28B47417D9CA4 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
22:16:00.0531 0x1b6c  SerCx - ok
22:16:00.0578 0x1b6c  [ C4AF79C37334D995D95C22C14FDBF7FD, 4D4985921261909F2123467A22EDB102B490710F60AB935624435E5BB808A0E9 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
22:16:00.0594 0x1b6c  SerCx2 - ok
22:16:00.0656 0x1b6c  [ FC541A272F47BE03E67A9FCB87FA8C3E, 730A3616FD67E9F2832442144B2655A8EF78B9AFCB204113E73E257256491354 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
22:16:00.0672 0x1b6c  Serenum - ok
22:16:00.0688 0x1b6c  [ 2A5F5F95FCA123DCBF53B5F603B64789, DE5C9E1D88B2C180B137DA7839F3EF6C936A171ABA49F89C10EE9C73A2226F3F ] Serial          C:\WINDOWS\System32\drivers\serial.sys
22:16:00.0703 0x1b6c  Serial - ok
22:16:00.0750 0x1b6c  [ C8738887228B7BFA3B1A906816A8BB12, 328283569201791891D5E9FB3028DB5B9FD93A7BEFC00C7DEBC2CC5731DE64D5 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
22:16:00.0766 0x1b6c  sermouse - ok
22:16:00.0828 0x1b6c  [ B1CB58853153397DFFA2D13A81451D09, CC9B3B064711E9B5CB38DC1C84DC410033939848BD31BB0D12F990E8154F357E ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
22:16:00.0859 0x1b6c  SessionEnv - ok
22:16:00.0906 0x1b6c  [ 67832B68752CDF7FDE56949E4A2E70BF, A72320EA8575A751DF86A1EE7969AD9D548D6185F2520197262E11B79FF8222B ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
22:16:00.0906 0x1b6c  sfloppy - ok
22:16:00.0969 0x1b6c  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\WINDOWS\system32\DRIVERS\Sftfslh.sys
22:16:01.0000 0x1b6c  Sftfs - ok
22:16:01.0078 0x1b6c  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:16:01.0109 0x1b6c  sftlist - ok
22:16:01.0125 0x1b6c  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\WINDOWS\system32\DRIVERS\Sftplaylh.sys
22:16:01.0141 0x1b6c  Sftplay - ok
22:16:01.0156 0x1b6c  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\WINDOWS\system32\DRIVERS\Sftredirlh.sys
22:16:01.0172 0x1b6c  Sftredir - ok
22:16:01.0203 0x1b6c  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\WINDOWS\system32\DRIVERS\Sftvollh.sys
22:16:01.0219 0x1b6c  Sftvol - ok
22:16:01.0250 0x1b6c  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:16:01.0266 0x1b6c  sftvsa - ok
22:16:01.0313 0x1b6c  [ F10E5536E1C753E01CF19FA4F466CE90, C9897F22B176D84CA233F864078895E3DAD4DAD090FACBB01BD6E59EE337B47C ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:16:01.0359 0x1b6c  SharedAccess - ok
22:16:01.0406 0x1b6c  [ 4AC12D495B3CB4275F74C68A7A017561, DC53EBD606ECCD8BCF6D618C0EB58B03F5C20F09E0F0AEDE9B8082D6B208B19A ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:16:01.0453 0x1b6c  ShellHWDetection - ok
22:16:01.0469 0x1b6c  [ ED058030296CF9B79C8D48BF43724323, 01DC7C2590DF48116CD1A126F207FE5DE439A53286BAE3736E22EE3D1CA80BE3 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:16:01.0485 0x1b6c  SiSRaid2 - ok
22:16:01.0500 0x1b6c  [ 633D3D1581E9DCCD5A2D8F039104C9A5, C44B5097016C2AEC8B41F77425FE44413562F9DCF0C0C11CA69D8178970B4706 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
22:16:01.0516 0x1b6c  SiSRaid4 - ok
22:16:01.0563 0x1b6c  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:16:01.0578 0x1b6c  SkypeUpdate - ok
22:16:01.0610 0x1b6c  [ F06D0E0C7CD13DD01DCCBAEB1EBC9283, 6E8C78EE466901650EF4028D6B64F2BF5969C883E8F498E9FAAA3C2A955F0A01 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
22:16:01.0625 0x1b6c  SmbDrvI - ok
22:16:01.0672 0x1b6c  [ 35B8FC714C2E7F07F7DC7C64452153F8, 6D45EB01B5F972ED0E5520E771F007FFEE892054FABDB3DD00D3E9915D3A0A31 ] smphost         C:\WINDOWS\System32\smphost.dll
22:16:01.0688 0x1b6c  smphost - ok
22:16:01.0750 0x1b6c  [ DE3A5C27EC842A113F68A2705FF63B00, B134EF63708A892B673B539F544F7980FF72838D822E8E4CCDDB359B22CB8805 ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
22:16:01.0781 0x1b6c  SmsRouter - ok
22:16:01.0844 0x1b6c  [ CD1056818A6FCEF4D32BD1D6E34070D5, F5BFB61ACB220A73B0DC4487B049F52E9F9FA2D4188C001E7A5838D47CEA6343 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
22:16:01.0859 0x1b6c  SNMPTRAP - ok
22:16:01.0906 0x1b6c  [ 187B4AD4446C59F8FCC4A10F473EE3D1, 0AAD961B3D7B3484DC89CB86F3EC96CEBFABB7224A5BFB48083DE8F1805EA7B4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
22:16:01.0922 0x1b6c  spaceport - ok
22:16:01.0953 0x1b6c  [ 2799FCA215919FDC9A87C5FCAB530828, BDE968BF26693AA4D70AB669896BCA49C6F533EA226386B35B0EA589A55227B5 ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
22:16:01.0969 0x1b6c  SpbCx - ok
22:16:02.0016 0x1b6c  [ 58C17D92AD61EC7A98B05F4FAD0D205A, B881134A1BD9194145A9D18BDB34D57E2C167F06C2A9368459D0C33E6E0D6501 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
22:16:02.0063 0x1b6c  Spooler - ok
22:16:02.0297 0x1b6c  [ 5C31E109943E67CFC801810C00AB63EE, 9A80D7CDA1135EBCE10E753986A59CFA3D8D49F9B0BE38FDF99880B1DD88C41D ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
22:16:02.0578 0x1b6c  sppsvc - ok
22:16:02.0610 0x1b6c  [ AA1F23501511EFE9CF9771F6B20E8D45, E786852D9877CCFD35444F8FC694467132F868D87A8C344FD1016FFDE74695A5 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:16:02.0641 0x1b6c  srv - ok
22:16:02.0672 0x1b6c  [ F5B169EDF9D5E3C7200D89D30E065D13, 12BAF3A3CB76F0900FA53681C9AD16F40308F493BA22C0F60E1E268D0D6AF825 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
22:16:02.0719 0x1b6c  srv2 - ok
22:16:02.0735 0x1b6c  [ 2E142E027F0AA698BA4DCE49CBDB43CD, A21027BBBC75A55A8B302D028113A0683016E4C72790A8C561DDB1AE7FDB4289 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:16:02.0750 0x1b6c  srvnet - ok
22:16:02.0797 0x1b6c  [ BF71B3FB5B7557CB740CDB09C5FB50D9, D6F9E65FDC9C4ADAFE82D94F71A1F5960DB3BEEBF4FE5B2D087515C4FAA5F287 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:16:02.0813 0x1b6c  SSDPSRV - ok
22:16:02.0860 0x1b6c  [ EF1BC04215C201ADA3F7F5A2F034EA21, E1A7A0FA2032B9E7D3951100E74C04D93CD848C88D23D57FBA0BFA2816B29C61 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
22:16:02.0891 0x1b6c  SstpSvc - ok
22:16:02.0922 0x1b6c  [ 9B74226E10CD57E965F87014841016F9, 95C76049DBBF3B31A9B01CFD0EDAAC47DE9A1F096B61D05C47FB85E1AFC07288 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
22:16:02.0938 0x1b6c  ssudmdm - ok
22:16:03.0047 0x1b6c  [ C26E2C89EFB4BB39CD135B5DED804B78, 99288C6023DC6AC6554521EA671AB387ACE2AE2BCDE145C7012202842FF40841 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
22:16:03.0172 0x1b6c  StateRepository - ok
22:16:03.0235 0x1b6c  [ D27C8C88CEB69075465B41DA6ECF3374, B1A70A30787080474E901E4743996EEE4FCD09BEDBBA89CE57ACAE05A67907AB ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:16:03.0266 0x1b6c  Steam Client Service - ok
22:16:03.0297 0x1b6c  [ DDE064A4298FD1FBF804D3ED691E7EDB, B0D117B1FC0DA2CB76F5F63699E2F108930B6C6721AC443111D48215ED624278 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
22:16:03.0313 0x1b6c  stexstor - ok
22:16:03.0344 0x1b6c  [ 7C4D2F167FA6153B4FE7145FE6D3DF15, F39ED9CDF323DDC57D0F64F9CC121E911EA53819A3A941A2F6EA557C35FCB372 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
22:16:03.0360 0x1b6c  StillCam - ok
22:16:03.0406 0x1b6c  [ 60F04DF1AB55D6D4BDA02052DD20537E, 52996EDF2C06968DADC9BDF24E4039929B81643493C7193B8CC4A6BD1A3AE761 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
22:16:03.0453 0x1b6c  stisvc - ok
22:16:03.0469 0x1b6c  [ 32C95F44108C3E7DB58F773346E3C9D0, F852D8ECA06080EA6DE1A90509071965A750D9CFC9627F0D4DB8ECC57133B0B5 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
22:16:03.0485 0x1b6c  storahci - ok
22:16:03.0516 0x1b6c  [ 8883C8CE4942A99B84E1CC6EFA19738E, 60C1CDA4382F8EE70D810DBB1BCAF5F389433563FF23EEB84859612F396D8CE6 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
22:16:03.0531 0x1b6c  storflt - ok
22:16:03.0563 0x1b6c  [ 7042792AC7045D1EE8CC9FE743FD5194, F0CF2E542A51C887B476FAAFFA35504A85C3D127CCBD03C13C24984AEDCF506D ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
22:16:03.0563 0x1b6c  stornvme - ok
22:16:03.0594 0x1b6c  [ 63513EF3121689B3A59BD217618A2E42, DE9B89732801DEC60BD116D58CFB427F7E37F093BE8A9F6E0CAC729B5346B314 ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
22:16:03.0625 0x1b6c  storqosflt - ok
22:16:03.0672 0x1b6c  [ CC96FF061C772340F2ED89ABBA567ADC, 028CD44405B7FAFC7BF331DD729E44E0594A63386F48CF39D7725A58B3DE22D6 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
22:16:03.0719 0x1b6c  StorSvc - ok
22:16:03.0735 0x1b6c  [ 000F5CFCEF0F06DC8FD1D2F568E48AE4, C1FE485E57A1B912CE79556E0EFF03CC11362E7966D250E3AA4962DCCB8F8EE6 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
22:16:03.0750 0x1b6c  storufs - ok
22:16:03.0781 0x1b6c  [ 7415087F9006D6818F85F3CBD79B1A50, C768EBB2263375D285D689FEEF546147D42D7376977424A4D6FD655CC78EA7CD ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
22:16:03.0797 0x1b6c  storvsc - ok
22:16:03.0828 0x1b6c  [ E49858EA5865A015EB78B7F7C1C07DE2, 1ADBBAC2D2E2E3C40AB0BDDE068001E76A8DAB79C54F06479F7A4567DAD7A7A8 ] svsvc           C:\WINDOWS\system32\svsvc.dll
22:16:03.0860 0x1b6c  svsvc - ok
22:16:03.0953 0x1b6c  [ 802278EE4ACCE9EA1F1481DF20EB1667, E78F0DA2CA0B2C2DF3B7E3B2A22C03380FE649813EE6EB31067C5FB6727DB7BD ] swenum          C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
22:16:03.0969 0x1b6c  swenum - ok
22:16:04.0000 0x1b6c  [ 313D2C0DBA0B23A8302254FD317D2EC8, 20B98D6F33FEC7ACBCEED9757A3FEAD837FA7BA378BA25575A33EA45E076FC6B ] swprv           C:\WINDOWS\System32\swprv.dll
22:16:04.0047 0x1b6c  swprv - ok
22:16:04.0078 0x1b6c  [ 12D0CB1DCAE6725B6CA54CC2038C4C8C, 7D224298E440B8C5FDD99A52485A6245DE5109C9A02E65AD38F1EC6DBF4AEEF2 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
22:16:04.0094 0x1b6c  Synth3dVsc - ok
22:16:04.0141 0x1b6c  [ 1C3F9491A1880C43F95A6F675736BF85, 15B47D3583400B8F8A10483B0E0B0228723F8E95750FADE0CACA64BAB48D8C97 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:16:04.0156 0x1b6c  SynTP - ok
22:16:04.0266 0x1b6c  [ E1415A51EFD0FB87649954C76BEE32D9, F65B35DE88351CEA4A0DD9CC76EB50EE777F323C4D15EEFCA43321CA4C525FBC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
22:16:04.0281 0x1b6c  SynTPEnhService - ok
22:16:04.0344 0x1b6c  [ 4EF908A86E6866783D66E2DF97666269, 4FF31CC0AEB36FF55D442E8C12DE3F311CF959D3094013609A177BEE31BA5CF9 ] SysMain         C:\WINDOWS\system32\sysmain.dll
22:16:04.0422 0x1b6c  SysMain - ok
22:16:04.0485 0x1b6c  [ 8863F06F520C1C76254B7DB45057BADA, EE8DA20185FBE37F64E8FE2A6FB477D602159AD6B63FFDD807981E6D28629888 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:16:04.0500 0x1b6c  SystemEventsBroker - ok
22:16:04.0547 0x1b6c  [ 95875059929EF91B55EA612D7967DD3D, 5F734209C8C9725376F7C146ED84999CC6D019C4C10B1795F53E72BE8853E2DD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:16:04.0578 0x1b6c  TabletInputService - ok
22:16:04.0625 0x1b6c  [ FE33F417DFD9847CB571D3C7EE5FA7E3, B3C7BE7998B9B093DD969A2588EE8CEBD9771331A63D4B1D86A188317B5EE71C ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:16:04.0656 0x1b6c  TapiSrv - ok
22:16:04.0766 0x1b6c  [ BA8CDF0FC9469005A84453A128EEB6AE, 5E037452DAB8B9004BCB761FD2161477E1D22D6F398CE97665F95FD0D6DD26B5 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
22:16:04.0860 0x1b6c  Tcpip - ok
22:16:04.0922 0x1b6c  [ BA8CDF0FC9469005A84453A128EEB6AE, 5E037452DAB8B9004BCB761FD2161477E1D22D6F398CE97665F95FD0D6DD26B5 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
22:16:05.0000 0x1b6c  Tcpip6 - ok
22:16:05.0047 0x1b6c  [ D378A1AF58AFA84BB6AC753F2C1BE9F4, 8BBA623193D51E6A8DD0627FA08C93B918EF1BA2EEBA46CDBB86FE6A1007FDEE ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
22:16:05.0063 0x1b6c  tcpipreg - ok
22:16:05.0094 0x1b6c  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] TDCMDPST        C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
22:16:05.0094 0x1b6c  TDCMDPST - ok
22:16:05.0141 0x1b6c  [ 28E1E63A1AC65E17B3194238FA2CF3BF, 9A52D6DD14BEBB7B407B2703A111D1B302F1B84AA40A14D21FCA554F395E935D ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
22:16:05.0156 0x1b6c  tdx - ok
22:16:05.0188 0x1b6c  [ 1B43FDBFE5A98F6B3D90595C6B2E5277, B13068E99FD301887C12EACDB94DB0B87F1186569AEAD65C1553E74B462EE972 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
22:16:05.0203 0x1b6c  TemproMonitoringService - ok
22:16:05.0219 0x1b6c  [ CCDBD2817C10A4F631280CBB3AE44FFB, A022DEF4D3CF75F41FA26275347F4BA38A513AD32FF18385C2E756DECB61D404 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
22:16:05.0235 0x1b6c  terminpt - ok
22:16:05.0297 0x1b6c  [ A0608264209A836821D6AB8C67B108AB, 7912C75F72BCAB7426A2E00C597C8D94C185B5DD31BD6C4BE5D56FECD5B0D9EA ] TermService     C:\WINDOWS\System32\termsrv.dll
22:16:05.0344 0x1b6c  TermService - ok
22:16:05.0375 0x1b6c  [ 261830B1E3650E4471E1F98850B929B7, D281B8A93315E64C7AF5002E5BFBE6AFF8B35FD6AA747AE07D7AA96F4AFAA613 ] Themes          C:\WINDOWS\system32\themeservice.dll
22:16:05.0391 0x1b6c  Themes - ok
22:16:05.0438 0x1b6c  [ 04F4382FF6CF40F4DB99EF01448AAAF5, 96C26B1703964FAFAB9ABC8F4337C28AAEC3198138145644C50B47EC4DEB4F9E ] Thotkey         C:\WINDOWS\System32\drivers\Thotkey.sys
22:16:05.0438 0x1b6c  Thotkey - ok
22:16:05.0469 0x1b6c  [ 79431E9EEAE85C3E579D28265D2E3F21, 4C4A5CCCA8754D15737EC6E838E9F8A2B0D044F1FEB435B332EC70BB0CFA7DE1 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
22:16:05.0516 0x1b6c  tiledatamodelsvc - ok
22:16:05.0547 0x1b6c  [ 354DAA630928CD4DA2BC84A0DA4ADA9D, AFAE4948EA4F899267DC52DF9A06450FC3E77083B563E541581DA90685C7E98C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
22:16:05.0563 0x1b6c  TimeBroker - ok
22:16:05.0641 0x1b6c  [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:16:05.0657 0x1b6c  TMachInfo - ok
22:16:05.0688 0x1b6c  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
22:16:05.0703 0x1b6c  TODDSrv - ok
22:16:05.0735 0x087c  Object required for P2P: [ 63282F5EB7E5BFB58FD1EC93C6ADB457 ] MozillaMaintenance
22:16:05.0782 0x1b6c  [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:16:05.0797 0x1b6c  TosCoSrv - ok
22:16:05.0860 0x1b6c  [ 2AB7A4697462EDB0C9DFAFC529746BA9, 4EAF4839CA35C8FCE9C086D43E7417E52F0714A2227AE983C0B5C88A66A1B554 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:16:05.0860 0x1b6c  TOSHIBA eco Utility Service - ok
22:16:05.0922 0x1b6c  [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:16:05.0922 0x1b6c  TOSHIBA HDD SSD Alert Service - ok
22:16:05.0969 0x1b6c  [ 8021F63311797085949FA387F7C83583, 7781994B9F06784807D32FD5A93C5406A441908870B1328BBDA9D15C5DD98C1B ] tosporte        C:\WINDOWS\system32\DRIVERS\tosporte.sys
22:16:05.0969 0x1b6c  tosporte - ok
22:16:05.0985 0x1b6c  [ C523A9186C39D65CC9ADEBB2E1B93CCD, B04E73CAFFD8100512686F3487D28FE62AC3538F6A71DBC94AA724824256E2E4 ] Tosrfcom        C:\WINDOWS\system32\Drivers\tosrfcom.sys
22:16:06.0000 0x1b6c  Tosrfcom - ok
22:16:06.0032 0x1b6c  [ E54143FA5F4D7D651364EBD2E6C1EECC, 52986D58A5176F57CCD7AD68DAA7A00E4A9F93872425BC6D20113CA50D4C31B3 ] tosrfec         C:\WINDOWS\System32\drivers\tosrfec.sys
22:16:06.0047 0x1b6c  tosrfec - ok
22:16:06.0094 0x1b6c  [ DE44A2A2459D0504F146E599F4BD2074, E400F8E0C9D9CC8A523765754634073F531E7B76E8135A734DA976EA86AC5282 ] Tosrfusb        C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
22:16:06.0094 0x1b6c  Tosrfusb - ok
22:16:06.0172 0x1b6c  [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:16:06.0203 0x1b6c  TPCHSrv - ok
22:16:06.0219 0x1b6c  [ F4AEDABC8F3A9D632F8206D0C7F8CA09, 6E76749CD4B857B4D930267E3CF448AF4D14FAC851873C5E71572E62CAD2FA36 ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
22:16:06.0250 0x1b6c  TPM - ok
22:16:06.0282 0x1b6c  [ 2D0338A3009075FCCB119CB7F3280F82, F42F3B8DA0F8B2C99892E66CDEF471A1CD30A30CF437ADFF464A2C786A6B87A6 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
22:16:06.0297 0x1b6c  TrkWks - ok
22:16:06.0375 0x1b6c  [ 62D6A900C5DFF2ECF131384E5A5C85AB, 1AF1FB868C59DFF452E3351EE5070B2C746DE606B9E2F1834CE2256F41ABE7A9 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:16:06.0407 0x1b6c  TrustedInstaller - ok
22:16:06.0422 0x1b6c  [ 676C801CAA61AADD0C918CC536A74B78, DB5DEC9445272E46D32DC2A9A99A9AE45729E424E61C679ECFD973AA88457BE6 ] TsUsbFlt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
22:16:06.0453 0x1b6c  TsUsbFlt - ok
22:16:06.0485 0x1b6c  [ 2BB6CC0DD1CEE86330743B56FA9FE91F, EE71E3DEECA7599947AB09E8967FE8066348D82B4C17D8CBE800FCDE9CF4989D ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:16:06.0500 0x1b6c  TsUsbGD - ok
22:16:06.0547 0x1b6c  [ 14B46248612DF1B1A695040FFFBCFAFC, 8C373A3C416FC9AB3872A187E64AC7A6E69FF605BD8784E8F2B1C28C293A0495 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
22:16:06.0578 0x1b6c  tunnel - ok
22:16:06.0610 0x1b6c  [ 63165D1FA4D51838CD8D7AA3CB4E2651, 70500C52A86ED002502EEBC3A40F5F4EEAEF086B9AC8540C9178FDD770E1265C ] TVALZ           C:\WINDOWS\system32\drivers\TVALZ_O.SYS
22:16:06.0625 0x1b6c  TVALZ - ok
22:16:06.0657 0x1b6c  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
22:16:06.0657 0x1b6c  TVALZFL - ok
22:16:06.0672 0x1b6c  [ D0BE5EA1652D55029C9A898FB8ACFCE0, 80C4BC30B967C79B3457F43EB9B530CA2571C6158958879AC55E5A81F71CFF15 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
22:16:06.0688 0x1b6c  uagp35 - ok
22:16:06.0719 0x1b6c  [ 13C15E4B238895FE4731DB1D612EEB5F, 211E4B05AA09F7FBE2487C3241A98D1F970FEE5B9B1BAED2788B57233BFC4104 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
22:16:06.0735 0x1b6c  UASPStor - ok
22:16:06.0766 0x1b6c  [ BEBB8B55C5F99B69EEE39A9D7BADB21E, 08A094EA38AB58CC70108A3BDFDD3251897DC4B13FDDAD54C1B063137836EF34 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
22:16:06.0782 0x1b6c  UcmCx0101 - ok
22:16:06.0813 0x1b6c  [ DE3EDAF609D00EA2E54986E6459796A6, 61A9AB51869F38300CC5CC5D302B962FB966F54CBB2E393954F36372B3A479FE ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
22:16:06.0844 0x1b6c  UcmUcsi - ok
22:16:06.0875 0x1b6c  [ FB1C1D8B96A482F3581338D6752E1D6C, 0FFAEE3E088614B3483C459513BB9D78EB76B574696FD877A3CDF6A11378F46C ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
22:16:06.0891 0x1b6c  Ucx01000 - ok
22:16:06.0907 0x1b6c  [ 4E1543ACE2F6E2846713E5123D9D4159, 1A6AFC525A80D1F19B14CDAD38790DF7293911C4D0E8301161D92201B934C3D4 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
22:16:06.0922 0x1b6c  UdeCx - ok
22:16:06.0985 0x1b6c  [ CDCA9CC1D8293E75218D8FF85F2337A4, 173086C08DDC7625E026E425F1E2B5D6C795771BEAE9BFF6093E3592FBEBD323 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
22:16:07.0016 0x1b6c  udfs - ok
22:16:07.0032 0x1b6c  [ BC683E19307C533C7161DB7A58051347, 5553BE3421986FDD9992EBFD883CDA151F7166C01BBFA3E9183A3C93E41D79B6 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
22:16:07.0047 0x1b6c  UEFI - ok
22:16:07.0094 0x1b6c  [ D14B42C26DE402F316D49667D15446F0, 61CC9FF03EF78631C800EFD8D587975CB94D53DB80E6F60BD13BA52EC5690D3D ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
22:16:07.0110 0x1b6c  Ufx01000 - ok
22:16:07.0125 0x1b6c  [ 192470BE4321791FBB25F379D0141D6F, AD120F8F98BD99014471CE60630B5FEE7555AB261C98B7D9819FE23C386655F7 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
22:16:07.0141 0x1b6c  UfxChipidea - ok
22:16:07.0172 0x1b6c  [ F7BD838E84E6B286DBCE068EFB8C0800, A55188C8F8BDC739A7ED7D29CDCB2A17468BBB158E13D804963B31ED73449520 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
22:16:07.0188 0x1b6c  ufxsynopsys - ok
22:16:07.0219 0x1b6c  [ C844E39B900FFA46CA8DD2BBA670A077, 0CB6232BCE47C59821DF25D6ED33E85C3E32DDAB101AA8A2C22B5401E73F5D5B ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
22:16:07.0250 0x1b6c  UI0Detect - ok
22:16:07.0282 0x1b6c  [ A25842AC180F0E8B02380ECB8ADA1AF5, AF22E7559C5EF8DC22A2B9E27FFFFF075B1D1B68A8307266BD9473E0FAF36BEF ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
22:16:07.0297 0x1b6c  uliagpkx - ok
22:16:07.0313 0x1b6c  [ 21088F43172525C7E02D335A3327F46C, B04AD471A7DFE83AB557DB4540616B7DF4A1904F8BDDCB920D449FCEE6F36FD5 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
22:16:07.0328 0x1b6c  umbus - ok
22:16:07.0360 0x1b6c  [ 294A291B5D48FE8F38DD94B7272442C5, 66C9139636760C92C1E04FCF440C432FF6C5A94E1577CAFE1D61FCF2D30472ED ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
22:16:07.0375 0x1b6c  UmPass - ok
22:16:07.0407 0x1b6c  [ 3427889AECC3B6912A0A01D095E32B98, 322AE14B74295ACFC124719BBEF8809201150A184E262EC55E26D2B45787BF9D ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
22:16:07.0438 0x1b6c  UmRdpService - ok
22:16:07.0500 0x1b6c  [ A4A5FF89F65D8D1AA3A769654AD8DBC0, 9C792595F7E90C6074BC0FF5A63C9A19449E2F2E2780087BBF12A72658437EE0 ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
22:16:07.0578 0x1b6c  UnistoreSvc - ok
22:16:07.0735 0x1b6c  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:16:07.0797 0x1b6c  UNS - ok
22:16:07.0860 0x1b6c  [ BD693208673F40BA21AA70B69F1D439C, E324947C2DD34386A83B09E73668F1CCED127AC91194B8BF7EC4C8E36CF8203E ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:16:07.0891 0x1b6c  upnphost - ok
22:16:07.0907 0x1b6c  [ A7A52EDDC3FAF183D6AC4774690ADF13, 630A0331F2EFA2DC7EFDACD08D8DF5C85BFDA30FF1525050FF54E069AFA45F6C ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
22:16:07.0922 0x1b6c  UrsChipidea - ok
22:16:07.0938 0x1b6c  [ 2EEA0897DD9E30E958B508D557F0B5E4, BE051A3AA5DFF56310FAB67AD19AC0443A3580542886EF3554EBE18F1323596F ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
22:16:07.0953 0x1b6c  UrsCx01000 - ok
22:16:07.0969 0x1b6c  [ DC54D775A3A61E4CDE871B4E38A1459A, CC996A9D293201BBD285E7B629B12EE88574702B8AC7BB4149439D6A25A07F7E ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
22:16:07.0985 0x1b6c  UrsSynopsys - ok
22:16:08.0000 0x1b6c  [ 18B63A0980F4AA1E6D7879B253980E37, 05F96DBE0A3DE2A685DEEBA8B6838A47AEB7CE2EBE8EB6BAD67B36DCF7E73589 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
22:16:08.0016 0x1b6c  usbccgp - ok
22:16:08.0047 0x1b6c  [ 1C60A1A3C8E1E819E16F12BAEB1C83F8, E255BD173DBF091C5EA07381862E23C1FD761489EC396E312974FBC124E1F33A ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
22:16:08.0078 0x1b6c  usbcir - ok
22:16:08.0141 0x087c  Object send P2P result: true
22:16:08.0204 0x1b6c  [ 9A3E39F85DC6E3B9F792F1095ACFF788, 66B8E137A5232E9F717907CFD49FE624AE101F4DE14E2960849DABF7A877E87A ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
22:16:08.0219 0x1b6c  usbehci - ok
22:16:08.0266 0x1b6c  [ 15FE07A404C8A0CD306661433027FFE4, 250C5B4624EF062C88F49DCFEA00BFF1771EFE8B095EC4F0B51C99BB3F80EC66 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
22:16:08.0297 0x1b6c  usbhub - ok
22:16:08.0344 0x1b6c  [ 7E51F2AD1D729F5CDBB6BE21CB58FEB7, 4C9CBC7BE52EE80E3734ACF9AA6FC106FBAA9AE15FCDACB7E5100ED5CC041E80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
22:16:08.0375 0x1b6c  USBHUB3 - ok
22:16:08.0516 0x1b6c  [ 72EA850B59F40C25A4FEDDA5FE84EFEB, FB4801AA1FB72FC1C41024916368823E88D53E338640E3BEA865B0F0E7B8EE91 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
22:16:08.0547 0x1b6c  usbohci - ok
22:16:08.0563 0x1b6c  [ 47B2B2DE152E25546944049CA1170BB1, DDA0A806D3108B2475AB13F584EA8CE6F0932C5E394C2C3FA691DFAB8A2BCAC0 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
22:16:08.0578 0x1b6c  usbprint - ok
22:16:08.0610 0x1b6c  [ 1F72E1A7E1858B7B3FF81522FCEBDE95, 4FAD243DA73C45CD5CA5E50F824F30EF0DC777D83957FD21FF43D8C89EC15AAC ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
22:16:08.0641 0x1b6c  usbser - ok
22:16:08.0657 0x1b6c  [ CD35467670DF1E6FBF36DA308F0C872B, E1F4F9B1EBD476394CBD0C934842AEE2502B030D97351B0A1E751FF23B011B57 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:16:08.0672 0x1b6c  USBSTOR - ok
22:16:08.0766 0x1b6c  [ DFA92EA105DD1073B43FB210EEB03DD4, D940432458F0A04F5013B48197CEA0412C8A909C50605AA21DD08271C90E2FE3 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
22:16:08.0782 0x1b6c  usbuhci - ok
22:16:08.0829 0x1b6c  [ B1484D4BBC6B7B424F1CD1554B0AFB84, C9432978603360182AAA983248FFA97576B3C59BE5DA45473DFA17E2940479C8 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
22:16:08.0860 0x1b6c  usbvideo - ok
22:16:08.0891 0x1b6c  [ 0728504F9863774E56A54AE66C3F1E6B, 5BA3CC6D98A573AF10B56AF1748B39C83C92FC13E9D5CBF5B344C404A67D52DC ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:16:08.0907 0x1b6c  USBXHCI - ok
22:16:08.0985 0x1b6c  [ FD38DDBCC1699BAB0446B93C1245FE17, 0AADBE137FE4372C3FFF2E98CAB4522CBC16CA1CE9564FB3C53A896A1B4E6EC2 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
22:16:09.0063 0x1b6c  UserDataSvc - ok
22:16:09.0125 0x1b6c  [ E9E2B5FFBEFC2CDF14A6E55DD94CC823, A10C011835A65601B8FE3A30F361C224C60084A78085842ADCDA248047530CD1 ] UserManager     C:\WINDOWS\System32\usermgr.dll
22:16:09.0172 0x1b6c  UserManager - ok
22:16:09.0219 0x1b6c  [ 0CFEA30C0217EE74FF853B2B0CC0BE6D, 1F0856D2D94F46D7B24B7EE18ED868C9EFAE972039D35D1FAA9058A12CF40493 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
22:16:09.0250 0x1b6c  UsoSvc - ok
22:16:09.0266 0x1b6c  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
22:16:09.0282 0x1b6c  VaultSvc - ok
22:16:09.0297 0x1b6c  [ 26223003DDFB347B5CF3EC0B56DB066B, 78848BE1334C05F28FA431B08225EAE8345B2C66E7D677F9936892FC941EA961 ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
22:16:09.0313 0x1b6c  vdrvroot - ok
22:16:09.0375 0x1b6c  [ 0C3F4E7684C1D72E85A98689E65A98A1, F7928D3EFC1A83125887ADA5F8E008022B58F0DBA8A711B4D60975D8CE82B595 ] vds             C:\WINDOWS\System32\vds.exe
22:16:09.0422 0x1b6c  vds - ok
22:16:09.0438 0x1b6c  [ A417284BC6B5C2EEF63F2C5154473530, 55146660CDDD829630C216038E6500CFAC906E67C82881047B665BFEEB286D10 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
22:16:09.0454 0x1b6c  VerifierExt - ok
22:16:09.0516 0x1b6c  [ 4C39C05A72EB14C0567501C7E087E564, D3DC122B7E4A5BD345517FE3A9E9E58CD3C78887F9F327AB782BADCAD0F8F2EB ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
22:16:09.0547 0x1b6c  vhdmp - ok
22:16:09.0563 0x1b6c  [ C42206A15078596FDE8E89BB629DE342, B95F9EC2413ADE658A7CE4A9BB57A0E125C29205C24BBB120153DACAF4CF9482 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
22:16:09.0579 0x1b6c  vhf - ok
22:16:09.0610 0x1b6c  [ 248D9F911A5C94CF8477125DD0C3A291, 418C7285184BCC9DE4E56175960585867A5DB21FEF761C49FF6F1AF1C07D8088 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
22:16:09.0625 0x1b6c  vmbus - ok
22:16:09.0641 0x1b6c  [ 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E, 2B5CF364F4D1D3359FBEA8BB2E72A1FCE1277E8D893977B751D9AC10A27DF018 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
22:16:09.0657 0x1b6c  VMBusHID - ok
22:16:09.0704 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
22:16:09.0735 0x1b6c  vmicguestinterface - ok
22:16:09.0750 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
22:16:09.0782 0x1b6c  vmicheartbeat - ok
22:16:09.0797 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
22:16:09.0829 0x1b6c  vmickvpexchange - ok
22:16:09.0844 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
22:16:09.0875 0x1b6c  vmicrdv - ok
22:16:09.0891 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
22:16:09.0922 0x1b6c  vmicshutdown - ok
22:16:09.0938 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
22:16:09.0969 0x1b6c  vmictimesync - ok
22:16:09.0985 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
22:16:10.0016 0x1b6c  vmicvmsession - ok
22:16:10.0032 0x1b6c  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
22:16:10.0047 0x1b6c  vmicvss - ok
22:16:10.0079 0x1b6c  [ 91F165C5D71D9DCB18D4661CF10D1084, 1D55C1FF0F5D860E6DB60EEFE303C0797C98BB0B053ECC255F9B316872288818 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
22:16:10.0094 0x1b6c  volmgr - ok
22:16:10.0141 0x1b6c  [ 17042748AC05862A0283D32575220080, A85B480CB969CB7678545D2A9EE99CBD2ADFF210FA016A43E092D0711FBB633D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
22:16:10.0157 0x1b6c  volmgrx - ok
22:16:10.0172 0x1b6c  [ 823A237D871CD652C6BFD47BECB6810A, 99310521451CB54C29A5DEA54C3A666F95E2A1FF0979D5F9792885A161E90C65 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
22:16:10.0204 0x1b6c  volsnap - ok
22:16:10.0235 0x1b6c  [ 78727FA284C2095EED660D71CD3C9AEF, 323F0BD5A624DF77973F28C7CF31EC6B3A525496EBF063666623A62B1DB0EA65 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
22:16:10.0250 0x1b6c  vpci - ok
22:16:10.0282 0x1b6c  [ 2415961D561E02F5E46B7C1C687A6788, 68A54B9595A0D15D410D5F1656B6EBE3B913A4BA5F71C658C9B99420E6ED327A ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
22:16:10.0297 0x1b6c  vsmraid - ok
22:16:10.0391 0x1b6c  [ 16419CBDB04DB9FF298169AA93413822, 743AD26F08AF5EFF5DD353E75C3D659B10C3FEC2FEDABB76387B87721B5B98F8 ] VSS             C:\WINDOWS\system32\vssvc.exe
22:16:10.0469 0x1b6c  VSS - ok
22:16:10.0500 0x1b6c  [ 6AE9A843AE979F2DCCA5A25C07C7A5F8, 3CEC26DE2EEC97929A0FBBD87FF75F8DC387C0988B2047074C8F069ACBEF2587 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
22:16:10.0516 0x1b6c  VSTXRAID - ok
22:16:10.0547 0x1b6c  [ BD232C761C59FA8D8EF626CA630E2D2E, E494EFDCE8F6343F49F33F1F03DCD5DEC9CB6F349B1AD302B4D3333B5F6BD8E5 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
22:16:10.0579 0x1b6c  vwifibus - ok
22:16:10.0594 0x1b6c  [ 3039687AB65CEE26CF478C1F42FFCD7D, 40E140C6F94B6203767A1493DF8CAE6BA1FB67FBD0C13789444F72410D0E6FF1 ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
22:16:10.0625 0x1b6c  vwififlt - ok
22:16:10.0625 0x1b6c  [ 37C868DDE3103130B00AD1313DAB5ACB, BF9C30817A3502F5C0673FD462B18FE1BF37963B29DF09D84B66BDCBF8ECBA81 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
22:16:10.0657 0x1b6c  vwifimp - ok
22:16:10.0704 0x1b6c  [ EC9B6544C569E8D7FAB91772BD7D23F2, 06CC5F21E9A9DD35099CB3E44C3E2BF2F944CE5B71284E6A85E1B681F12BD31B ] W32Time         C:\WINDOWS\system32\w32time.dll
22:16:10.0735 0x1b6c  W32Time - ok
22:16:10.0797 0x1b6c  [ 9776E4816D92B766F461957FBDA84360, 048F6ADC97767AFAB50582D0AE1E67A15B038A1C02F7982A6AD30B61AC5C7369 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
22:16:10.0813 0x1b6c  w3logsvc - ok
22:16:10.0860 0x1b6c  [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
22:16:10.0891 0x1b6c  W3SVC - ok
22:16:10.0938 0x1b6c  [ FC40A7527D39F06D032A6553D22E4BF6, F572FCB5EB3DE16FD6222A5B6A43C81E3A1F838890667D9F0453F82FFCA772FF ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
22:16:10.0954 0x1b6c  WacomPen - ok
22:16:11.0000 0x1b6c  [ 2CFE8CBE358CC4D5715E010E3B13559F, 54E9BFCE202FA123EB261C226094054950429AAFA304AA714F461B003E070BD9 ] WalletService   C:\WINDOWS\system32\WalletService.dll
22:16:11.0047 0x1b6c  WalletService - ok
22:16:11.0079 0x1b6c  [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:11.0094 0x1b6c  wanarp - ok
22:16:11.0094 0x1b6c  [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:11.0110 0x1b6c  wanarpv6 - ok
22:16:11.0157 0x1b6c  [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
22:16:11.0188 0x1b6c  WAS - ok
22:16:11.0266 0x1b6c  [ CF9EF65FA66B0F4982FD1FACAB3009B6, 681C1CD5DCAF87EF436B907534E98B0AB4F66BD62E46B8977A7880B854766A27 ] wbengine        C:\WINDOWS\system32\wbengine.exe
22:16:11.0360 0x1b6c  wbengine - ok
22:16:11.0407 0x1b6c  [ 8F2B0ED6FCA72B34BEEA37E32D0EE106, A86C641A13FDF056B7BA13641551582199DDB08E9490003C74D999518B097C00 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
22:16:11.0454 0x1b6c  WbioSrvc - ok
22:16:11.0516 0x1b6c  [ A598CECB1834C9B1798D0D2CD1910F30, 6124F421C8D0AAC60A1F47DC4A3638934665E51852BC00BBE582F0CB89D844A8 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
22:16:11.0563 0x1b6c  Wcmsvc - ok
22:16:11.0641 0x1b6c  [ 8E7FD07D2C82ACBCA52C4100C20F6542, FB2CD88557ABB5EBE6555CD4E41BF4BDC6FE6BCF26288338F2FB034B966FCBD3 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
22:16:11.0672 0x1b6c  wcncsvc - ok
22:16:11.0688 0x1b6c  [ 9C776ED423CD03F8ABD54C2557E34416, 282C1208977070EC0280D5ABA0E03A847AEAEE31F35CDAA3C7A02D8477614EB1 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
22:16:11.0719 0x1b6c  WcsPlugInService - ok
22:16:11.0766 0x1b6c  [ C8BA574B3BA6AE88741AC86B1FE3C1DC, B2422CDE3A6A27B52D270D24298FF69D91D389C68456EC1805BA30AA59BAB839 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
22:16:11.0782 0x1b6c  WdBoot - ok
22:16:11.0813 0x1b6c  [ 796D1C95894BC15B3FEF090C107CBA31, 97917C543CBC13288F2194CB09C3A2759012B74F0D72DDB0896EF42C87348C6D ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
22:16:11.0844 0x1b6c  Wdf01000 - ok
22:16:11.0875 0x1b6c  [ C5BB7C612B4C852836BEA39593BA5F46, 1E2B123F34500C2A8E983AAAF7F14E409B88DC396A655F19F3E7F15D0C51A762 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
22:16:11.0891 0x1b6c  WdFilter - ok
22:16:11.0938 0x1b6c  [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
22:16:11.0954 0x1b6c  WdiServiceHost - ok
22:16:11.0954 0x1b6c  [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
22:16:11.0985 0x1b6c  WdiSystemHost - ok
22:16:12.0047 0x1b6c  [ 9B2039C5673EEBF1D4E34ABC0AFB88C7, BBC85546BD86B9027426DAF148194CFE992B80FF89311B28BE0BD82C88630E8C ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
22:16:12.0094 0x1b6c  wdiwifi - ok
22:16:12.0125 0x1b6c  [ BD193A7BD34B2E829FAF56306FEE3B09, ADD746D198E21242CEFA01840952B792074EFC473113CD3E7F1ABBA6A4E26AF6 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:16:12.0141 0x1b6c  WdNisDrv - ok
22:16:12.0172 0x1b6c  WdNisSvc - ok
22:16:12.0219 0x1b6c  [ 6A3B5013D5C7840E8CABD63DD021C112, 371CCEEAC7816CFE79ACA8A218CDA16469D9567CB63CC9D18C55FF047011EF25 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:16:12.0250 0x1b6c  WebClient - ok
22:16:12.0266 0x1b6c  [ EED4043BC3C2D00067411730EE118354, 5E268DA4DB78C06D8F181E9408B4769F8A12C38DA52C1E986EE0CEE1101E9485 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
22:16:12.0282 0x1b6c  Wecsvc - ok
22:16:12.0297 0x1b6c  [ 6ECD7A49AFC6533821BEEA1876CEB21D, 2E972245F56F589EF1AB9DABB9214B9DE6E290878735476323A3357D8CDFC71F ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
22:16:12.0313 0x1b6c  WEPHOSTSVC - ok
22:16:12.0329 0x1b6c  [ 09B434867028AF4895A87959EA668686, 26A7DB82E42DCBF3A77092D58AC6392754FD7C538B9EAAEFA88E9AF81DFE8E96 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
22:16:12.0360 0x1b6c  wercplsupport - ok
22:16:12.0376 0x1b6c  [ DE4E417B867841EE55114E588098B8D5, 878708C93FC1D919E2B9E1C5F94A0EAFC5F28BDAA58D3F29DEEDC8EC3F72D9ED ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
22:16:12.0407 0x1b6c  WerSvc - ok
22:16:12.0407 0x1b6c  wfpcapture - ok
22:16:12.0438 0x1b6c  [ DBF5255B759212E5217A2748567A0B5C, 5E81A9289EC39702179038B686A35FADF9974651E74222F3354B4CBE919887B0 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
22:16:12.0454 0x1b6c  WFPLWFS - ok
22:16:12.0485 0x1b6c  [ 4CD8826BB8320741842A9E53E48AF2BC, 97B22D9DCD0FD31D3A801946173369B0E70B1850576682C8A8180874A61CAD1A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
22:16:12.0501 0x1b6c  WiaRpc - ok
22:16:12.0532 0x1b6c  [ 4375BCBA419D19695CF566082CEF27D3, 6F86FA14B41A03F2BA51B8702F3D59B85FD488405601FA177495E4B7C576850D ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
22:16:12.0547 0x1b6c  WIMMount - ok
22:16:12.0547 0x1b6c  WinDefend - ok
22:16:12.0579 0x1b6c  [ 037BC6DE5F58D4A74A5BB0C12DCECDCA, 92921A2615A41C434BADEB33594DABC166FC9418FBD311A3B2022410B14BFDAC ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
22:16:12.0594 0x1b6c  WindowsTrustedRT - ok
22:16:12.0641 0x1b6c  [ 70BCD70BD53F2FE660ED94B025A043EB, B23B96DCAB30C62CB1651B3A2292155AEE8217CE3120574F5158D5E7DA09DE56 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
22:16:12.0657 0x1b6c  WindowsTrustedRTProxy - ok
22:16:12.0719 0x1b6c  [ 8921ECEC2C7D1B1333D77325C60D3AEA, 67C6B6A92B34D99165B5591D0730322C31E967E599BA44924249BF5AD505C132 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:16:12.0782 0x1b6c  WinHttpAutoProxySvc - ok
22:16:12.0813 0x1b6c  [ 7792AE5403BF8975B6460DFC3428D129, D88F77E973D58C2CA629CC9249877A34ABF31CA1DC2A570666921A8A0DC8DEC7 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
22:16:12.0829 0x1b6c  WinMad - ok
22:16:12.0907 0x1b6c  [ 73B5230F03DC7002A70F11EA1B0BAA37, DFE8BBE52B58589686E402ACED51021E298A491F907EBA5689DF9DAFC3002BA5 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:16:12.0954 0x1b6c  Winmgmt - ok
22:16:13.0094 0x1b6c  [ 2FE85D6AFF90F56A78743CC93B9CA684, B515765C4EE64E7EC16BD6AF037C084CCA6E81180AEF59E18F260406ABE6DF58 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:16:13.0251 0x1b6c  WinRM - ok
22:16:13.0266 0x1b6c  [ 811F30EB6EE8318C4171CB95AE30B9BD, 765F6BEA3D35D523B5D7ED7356EC0C97A48066A5C4D77C1E6EDAC6F220153385 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
22:16:13.0282 0x1b6c  WINUSB - ok
22:16:13.0313 0x1b6c  [ DF00381AB8665D48DE3FF794BC6760AB, 749AC7048601061A34BFF507B574AF028FC662C0A98692E7331E667D105EC09D ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
22:16:13.0329 0x1b6c  WinVerbs - ok
22:16:13.0422 0x1b6c  [ 11F106F92BCE6521878066C8D374BE4E, 4D72D686B3D8EECCDA13F318CA84D8747337B1A3612E17B0A2D5F422AE7C05AA ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
22:16:13.0532 0x1b6c  WlanSvc - ok
22:16:13.0626 0x1b6c  [ 043048A604EC6642B30676AE27E728FA, 82A095873CFB9DAFE985EFBEAD74C46090A2B6BE5B380EAA194A036AD8D292A8 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
22:16:13.0719 0x1b6c  wlidsvc - ok
22:16:13.0751 0x1b6c  [ 623ED8E10DFEEAB7AE2CD11A0451DB79, 7DDE15F22FD24556D4765F6CFD0F8E2F27370A89A962919646DE2613B33D43D6 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
22:16:13.0751 0x1b6c  WmiAcpi - ok
22:16:13.0797 0x1b6c  [ B2BB87531C4127ED4120E9BF5566827F, 1DDC0F00F215D77D3698F81B56D4488F384E9D017267840EDFA4846742B99B6A ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:16:13.0829 0x1b6c  wmiApSrv - ok
22:16:13.0860 0x1b6c  WMPNetworkSvc - ok
22:16:13.0876 0x1b6c  [ 78CA1FF6FE37EEFAFF99DD1C956AF60A, 883C7890C83BAB3B846A0C969D7B67031BD2EF65FA58A0620DD0CD1655C5B2C5 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:16:13.0907 0x1b6c  Wof - ok
22:16:14.0001 0x1b6c  [ B2D8EDBBC339D903BF4073FF7A8D251E, 989F3B94F084720A094C89FD5AF02B5D5BCE5FB127F323E1ADA2890B6AAB3535 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
22:16:14.0094 0x1b6c  workfolderssvc - ok
22:16:14.0126 0x1b6c  [ 388F2A3C771B8BEE76FD1AAF9614D08E, C064EC6136CC20C4EE19C86E91CA071974933BB52C9EF8521DF4AFD060FED4A2 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:16:14.0141 0x1b6c  wpcfltr - ok
22:16:14.0188 0x1b6c  [ A6FCFE1F691B4A4D266F5D487FADB9FE, 2135D0C13C1295A2F76885E380CD72CB71CEB8E0D9F1C183A35935B27737D423 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
22:16:14.0204 0x1b6c  WPDBusEnum - ok
22:16:14.0235 0x1b6c  [ 37DCE976B3935380F2F6E39ABB6BF40D, B14E875F6D6503DF0DB6D9D2363316073AEEF394D830EA2270A0DCDA56E1CEC4 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:16:14.0251 0x1b6c  WpdUpFltr - ok
22:16:14.0266 0x1b6c  [ 80F0154FD4293E562D54E97811E03499, EDE920F7F95EFBE542FE3CE066B6F7CDE3B9A37DDF3411DC86EACE9EEF294C1D ] WpnService      C:\WINDOWS\system32\WpnService.dll
22:16:14.0298 0x1b6c  WpnService - ok
22:16:14.0329 0x1b6c  [ 3CD22DD5A790CF7C24D65455E565EA83, 49DB06DF6F38940E7F8691C16586A78BB20E702FD48A34E50987C06B08BDF4DB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:16:14.0344 0x1b6c  ws2ifsl - ok
22:16:14.0407 0x1b6c  [ EBA916109A176714E6A7BD152387F13C, 7B38B1708B83271ADA8D1CEC7F5F0A75C7F2572185C0961EFC749D5DF16A03F0 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
22:16:14.0422 0x1b6c  wscsvc - ok
22:16:14.0438 0x1b6c  [ E392DFAF6D0DEFC812ECC727A61F91C5, C28B6CC8AD034157CE92C7F098A9C12ADED2769E6AF954A9AAD10CC0E811DD2A ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
22:16:14.0454 0x1b6c  WSDPrintDevice - ok
22:16:14.0454 0x1b6c  [ 0902C63D8C836EA4D0876FCD8D627701, 0173F83CF8DA9C6D40C64CE88BF1A40EB634008D3D48F74E4E3BBBB11F1CA8D1 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
22:16:14.0469 0x1b6c  WSDScan - ok
22:16:14.0485 0x1b6c  WSearch - ok
22:16:14.0610 0x1b6c  [ 9EB85802AB625970E05879D15DE56335, B7DCE5E1924A5CEE76CC07FF3B8CEDBBD0DDBB4C4ED0A3BFB8D1ABCAD7C0AA23 ] WSService       C:\WINDOWS\System32\WSService.dll
22:16:14.0751 0x1b6c  WSService - ok
22:16:14.0860 0x1b6c  [ A2C3482A6535792F5DD22C144261B170, 6C47BFD03E81C7998CF14AFC8CB850C2951D60FAFD4DB244AFBAF938F6A3B7AA ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
22:16:14.0985 0x1b6c  wuauserv - ok
22:16:15.0032 0x1b6c  [ 835F60262E7E310080EA05F6752BF248, 3010B731DF3D52B56EA16FD29B66F5D3AB9412E49CA4C547BAAECA3225C5DC40 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
22:16:15.0047 0x1b6c  WudfPf - ok
22:16:15.0079 0x1b6c  [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:15.0110 0x1b6c  WUDFRd - ok
22:16:15.0141 0x1b6c  [ 44CF3130AEC8914705487C4AEF756A19, 30B09E32DEC02141F9B99ED012E441056C1663A72E4130EF4221ECC0ED87BF4B ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
22:16:15.0157 0x1b6c  wudfsvc - ok
22:16:15.0173 0x1b6c  [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
22:16:15.0188 0x1b6c  WUDFWpdFs - ok
22:16:15.0204 0x1b6c  [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
22:16:15.0219 0x1b6c  WUDFWpdMtp - ok
22:16:15.0282 0x1b6c  [ E818494D2C23282CCAA4EB4C0FCCF138, 6F975AF4DECB39D09DA8945473C69ECD451AB83039742FFC95D839EA29827B90 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
22:16:15.0360 0x1b6c  WwanSvc - ok
22:16:15.0422 0x1b6c  [ 9BDC2AFCEF4CF1C630D728DE1DBD495A, 5CE19974380CCEC46C181315B349E9A7CE757E19118EC5978A2293D63268BA66 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
22:16:15.0469 0x1b6c  XblAuthManager - ok
22:16:15.0532 0x1b6c  [ 3EDB6162310EA223890C2DF44C68358B, 12053291809CA9C38A30EA4B2DE7115F535531F0925220C63B0312979F9CC707 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
22:16:15.0594 0x1b6c  XblGameSave - ok
22:16:15.0626 0x1b6c  [ 30021D1E0407B71E8D5D4F8DAE4E656A, EE2E366A1CC033C068176C7E9F876FFA0EF86A15A482B6964E170DE863CFF542 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
22:16:15.0657 0x1b6c  xboxgip - ok
22:16:15.0719 0x1b6c  [ 729B70C81F207541BC6A4ABAE3A8D594, 31F9BC41169D28B397C0D988C367C32FA9A95289E68AB8F38061DA478752A765 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
22:16:15.0798 0x1b6c  XboxNetApiSvc - ok
22:16:15.0813 0x1b6c  [ 6851673B90D8CB332439E0339F81A6B6, 4E95F1A63E6DD58BB5BD6FC1D9784837D5E6F5BCF870C7ECC92DCA1AF20B6A4C ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
22:16:15.0829 0x1b6c  xinputhid - ok
22:16:15.0844 0x1b6c  ================ Scan global ===============================
22:16:15.0907 0x1b6c  [ C6BC6E49A7F76AA2BBA58CD08196755F, D02B6B285899E966D19323566A4780D51303D00E66674D7FF4B61991430A69A6 ] C:\WINDOWS\system32\basesrv.dll
22:16:15.0938 0x1b6c  [ 70EC9717DC3A1CDF79C703A145E0E5B7, D5ABF42063DFF799FD4099D8A347256CC79B89582B987B3DEE240AFA5BA421BE ] C:\WINDOWS\system32\winsrv.dll
22:16:15.0985 0x1b6c  [ F435AFA375ACBAEE44324DD464EDCC11, 815DE470439AE5D96348BEBF971A14FBDCA1D36F31CA0D25F69E5F41817D43D5 ] C:\WINDOWS\system32\sxssrv.dll
22:16:16.0032 0x1b6c  [ BB3D8E1C108F7244613FF3993291A922, 1642AF23F200D46F54239C3BA743F1D5ADDC6A32D5F6481264D0C1D7F3E9D533 ] C:\WINDOWS\system32\services.exe
22:16:16.0048 0x1b6c  [ Global ] - ok
22:16:16.0048 0x1b6c  ================ Scan MBR ==================================
22:16:16.0063 0x1b6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:16:17.0188 0x1b6c  \Device\Harddisk0\DR0 - ok
22:16:17.0188 0x1b6c  ================ Scan VBR ==================================
22:16:17.0204 0x1b6c  [ 9A2424AED3302D542AF3B05C84FA9671 ] \Device\Harddisk0\DR0\Partition1
22:16:17.0204 0x1b6c  \Device\Harddisk0\DR0\Partition1 - ok
22:16:17.0235 0x1b6c  [ 4D01B62C77765A025D09F0B1AF486A28 ] \Device\Harddisk0\DR0\Partition2
22:16:17.0235 0x1b6c  \Device\Harddisk0\DR0\Partition2 - ok
22:16:17.0235 0x1b6c  ================ Scan generic autorun ======================
22:16:17.0688 0x1b6c  [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:16:18.0188 0x1b6c  RtHDVCpl - ok
22:16:18.0204 0x1b6c  SmartFaceVWatcher - ok
22:16:18.0204 0x1b6c  SynTPEnh - ok
22:16:18.0563 0x1b6c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
22:16:18.0860 0x1b6c  OneDriveSetup - ok
22:16:19.0126 0x1b6c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
22:16:19.0407 0x1b6c  OneDriveSetup - ok
22:16:19.0595 0x1b6c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe
22:16:19.0610 0x1b6c  Google Update - ok
22:16:20.0141 0x1b6c  [ FC9AC796ACCF950D202DB32B19684F15, 0BBA73C4B24A90141EDADD8B32949E714229F3F6DFA7B8860FD15BC3E2D69B9D ] C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
22:16:20.0735 0x1b6c  MusicManager - detected UnsignedFile.Multi.Generic ( 1 )
22:16:23.0063 0x1b6c  Object required for P2P: [ FC9AC796ACCF950D202DB32B19684F15 ] C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
22:16:25.0485 0x1b6c  Object send P2P result: true
22:16:25.0485 0x1b6c  Detect skipped due to KSN trusted
22:16:25.0485 0x1b6c  MusicManager - ok
22:16:25.0626 0x1b6c  [ F9387D080BF8566354CDB0445AB8F87B, 4EE5D4A15E2D3DF578FA0370449C0894166B1B2998B63D9F02A994845350B86A ] C:\Users\Staples\AppData\Local\Microsoft\OneDrive\OneDrive.exe
22:16:25.0642 0x1b6c  OneDrive - ok
22:16:25.0939 0x1b6c  [ 47DBCC66CF9A3DCEF2D42051431160D3, 5E99CB8333471E80590AED8CA139EF859AD617D1C7BD9406913A86016DCA08F6 ] C:\Program Files\CCleaner\CCleaner64.exe
22:16:26.0251 0x1b6c  CCleaner Monitoring - ok
22:16:26.0298 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0329 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 - ok
22:16:26.0345 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0360 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 - ok
22:16:26.0376 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0407 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok
22:16:26.0423 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0439 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 - ok
22:16:26.0454 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0485 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 - ok
22:16:26.0485 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0517 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 - ok
22:16:26.0532 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0548 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 - ok
22:16:26.0564 0x1b6c  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
22:16:26.0595 0x1b6c  Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 - ok
22:16:26.0860 0x1b6c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
22:16:27.0142 0x1b6c  OneDriveSetup - ok
22:16:27.0157 0x1b6c  Waiting for KSN requests completion. In queue: 10
22:16:28.0173 0x1b6c  Waiting for KSN requests completion. In queue: 10
22:16:29.0189 0x1b6c  Waiting for KSN requests completion. In queue: 10
22:16:30.0220 0x1b6c  Win FW state via NFP2: enabled ( trusted )
22:16:32.0658 0x1b6c  ============================================================
22:16:32.0658 0x1b6c  Scan finished
22:16:32.0658 0x1b6c  ============================================================
22:16:32.0658 0x03ac  Detected object count: 0
22:16:32.0658 0x03ac  Actual detected object count: 0
         


Alt 24.04.2016, 15:02   #6
M-K-D-B
/// TB-Ausbilder
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Servus,




Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________
--> Windows reagiert oft nicht. Fund durch Avira

Alt 24.04.2016, 18:36   #7
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



in MbaM waren noch alte Dateien in Quarantäne, nur mal als Anmerkung. Ignorieren?

[CODE]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 10 Home x64
Ran by Staples (Administrator) on 24.04.2016 at 19:23:53,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\Staples\AppData\Local\{74DC73EB-C25C-429C-A417-4CE4F93BFF05} (Empty Folder)
Successfully deleted: C:\WINDOWS\SysWOW64\REN23CC.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\sho302F.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\shoE1C4.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2016 at 19:27:58,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/CODE

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 24.04.2016
Suchlaufzeit: 18:30
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.24.05
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Staples

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 452439
Abgelaufene Zeit: 48 Min., 52 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{76B30A95-2680-42E6-BC07-2AF24B1A6DF5}, In Quarantäne, [3d68d7db9cfdef477e32129c30d4d828], 
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B430142D-9787-4A1B-A30D-853E4F5EA53C}, In Quarantäne, [2481aa086d2ccf67cd459418887c5ba5], 

Registrierungswerte: 3
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{76B30A95-2680-42E6-BC07-2AF24B1A6DF5}|Path, \HDvid Codec V1-enabler, In Quarantäne, [3d68d7db9cfdef477e32129c30d4d828]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B430142D-9787-4A1B-A30D-853E4F5EA53C}|Path, \HDvid Codec V1-codedownloader, In Quarantäne, [2481aa086d2ccf67cd459418887c5ba5]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|HDvid Codec V1-bg.exe, 8000, In Quarantäne, [e8bde0d2b5e445f126886a444fb5bc44]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v5.112 - Bericht erstellt am 24/04/2016 um 18:18:23
# Aktualisiert am 17/04/2016 von Xplode
# Datenbank : 2016-04-24.2 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Staples - STAPLES-TOSH
# Gestartet von : C:\Users\Staples\Desktop\AdwCleaner_5.112.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\Software\Mail.Ru
[-] Schlüssel gelöscht : HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2448 Bytes] - [24/04/2016 18:18:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [2554 Bytes] - [24/04/2016 18:15:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2594 Bytes] ##########
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Staples (Administrator) auf STAPLES-TOSH (24-04-2016 19:29:19)
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples &  (Verfügbare Profile: Staples & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk [2016-02-29]
ShortcutTarget: Warkeys Update.lnk -> C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk /m /f \Device\HarddiskVolume2autocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{214a7604-97a2-44e4-9116-57a232caae45}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e151f280-f994-498c-b104-4491eea55f73}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857
FF DefaultSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-31] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\searchplugins\bildde.xml [2015-12-13]
FF Extension: Adblock Plus - C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]

Chrome: 
=======
CHR Profile: C:\Users\Staples\AppData\Local\Google\Chrome\User Data\default

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-08-02] (Broadcom Corporation.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-02] (Toshiba Corporation)
U5 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
U5 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
U5 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
U5 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-24 19:29 - 2016-04-24 19:31 - 00025185 _____ C:\Users\Staples\Desktop\FRST.txt
2016-04-24 19:27 - 2016-04-24 19:28 - 00000846 _____ C:\Users\Staples\Desktop\JRT.txt
2016-04-24 19:21 - 2016-04-24 19:23 - 01610008 _____ (Malwarebytes) C:\Users\Staples\Desktop\JRT.exe
2016-04-24 19:21 - 2016-04-24 19:21 - 00002204 _____ C:\Users\Staples\Desktop\mbam.txt
2016-04-24 19:19 - 2016-04-24 19:19 - 00016148 _____ C:\WINDOWS\system32\STAPLES-TOSH_Staples_HistoryPrediction.bin
2016-04-24 18:29 - 2016-04-24 18:29 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-24 18:27 - 2016-04-24 18:27 - 22851472 _____ (Malwarebytes ) C:\Users\Staples\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-24 18:24 - 2016-04-24 18:24 - 00002712 _____ C:\Users\Staples\Desktop\AdwCleaner[C1].txt
2016-04-24 18:15 - 2016-04-24 18:18 - 00000000 ____D C:\AdwCleaner
2016-04-24 18:14 - 2016-04-24 18:15 - 03683904 _____ C:\Users\Staples\Desktop\AdwCleaner_5.112.exe
2016-04-24 18:05 - 2016-04-24 18:05 - 00001090 _____ C:\Users\Public\Desktop\Mumble.lnk
2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\Program Files (x86)\Mumble
2016-04-24 14:39 - 2016-04-24 14:41 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-23 22:15 - 2016-04-23 22:24 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.15.24_log.txt
2016-04-23 22:07 - 2016-04-23 22:13 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.07.52_log.txt
2016-04-23 22:06 - 2016-04-23 22:07 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Staples\Desktop\tdsskiller.exe
2016-04-23 22:03 - 2016-04-24 19:29 - 00000000 ____D C:\FRST
2016-04-23 22:02 - 2016-04-23 22:03 - 02375680 _____ (Farbar) C:\Users\Staples\Desktop\FRST64.exe
2016-04-19 00:09 - 2016-04-19 00:09 - 00000000 ____D C:\Users\Staples\Documents\Diablo II
2016-04-19 00:07 - 2016-04-19 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-04-18 23:25 - 2016-04-18 23:25 - 02771704 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_deDE.exe
2016-04-18 23:12 - 2016-04-18 23:13 - 02689174 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
2016-04-15 20:41 - 2016-04-15 20:41 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat
2016-04-12 21:11 - 2016-04-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 21:43 - 2016-04-08 21:43 - 00016622 _____ C:\Users\Staples\Documents\Sobri.odt
2016-04-03 07:37 - 2016-04-03 07:37 - 00275040 _____ C:\WINDOWS\Minidump\040316-38109-01.dmp
2016-03-28 20:14 - 2016-03-28 20:14 - 00000000 ____D C:\Users\Staples\AppData\Local\Steam

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-24 19:19 - 2010-10-31 01:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5EF183-990B-42DC-8793-FA5A454ADFA0}
2016-04-24 18:40 - 2014-08-15 21:33 - 00049536 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\agremove.exe
2016-04-24 18:39 - 2015-08-02 01:59 - 00017920 _____ C:\WINDOWS\system32\rpcnetp.exe
2016-04-24 18:39 - 2014-08-04 23:59 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job
2016-04-24 18:34 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-24 18:33 - 2016-01-10 22:13 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-24 18:30 - 2015-08-27 21:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-24 18:23 - 2016-01-10 22:13 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 18:21 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-24 18:19 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-24 18:18 - 2015-08-02 02:11 - 00000000 ____D C:\Users\Staples
2016-04-24 18:15 - 2014-01-18 21:17 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Mumble
2016-04-24 18:13 - 2014-01-18 21:26 - 00000000 ____D C:\Users\Staples\AppData\Local\Battle.net
2016-04-24 14:44 - 2015-12-12 21:58 - 00000000 ____D C:\WINDOWS\Panther
2016-04-24 10:38 - 2014-01-01 11:54 - 00000000 ___RD C:\Users\Staples\Desktop\Programme
2016-04-24 10:37 - 2014-01-01 11:54 - 00000000 ____D C:\Users\Staples\Desktop\Spiele
2016-04-24 10:33 - 2014-07-05 10:58 - 00000000 ____D C:\Users\Staples\Documents\JTP
2016-04-23 23:36 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-23 20:39 - 2014-08-04 23:59 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job
2016-04-23 16:06 - 2014-01-18 21:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-23 15:52 - 2014-07-22 18:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-23 10:42 - 2014-12-08 22:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-04-22 21:51 - 2015-08-02 03:25 - 00002400 _____ C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-22 21:51 - 2015-08-02 03:25 - 00000000 ___RD C:\Users\Staples\OneDrive
2016-04-22 20:04 - 2015-08-02 02:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-22 15:46 - 2015-08-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-20 12:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-19 00:14 - 2011-09-22 17:56 - 00000618 _____ C:\BnetLog.txt
2016-04-19 00:09 - 2010-10-29 17:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-04-16 22:27 - 2010-11-01 16:50 - 00000000 ____D C:\Users\Staples\AppData\Roaming\TS3Client
2016-04-15 20:39 - 2013-12-27 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 23:02 - 2013-08-15 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 22:56 - 2010-10-31 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 17:51 - 2015-08-02 02:09 - 00007412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-11 17:51 - 2015-07-10 18:34 - 01165958 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-11 17:51 - 2015-07-10 18:34 - 00279796 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 07:37 - 2015-08-02 17:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-31 22:57 - 2012-12-25 11:58 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-31 20:28 - 2012-12-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:47 - 2014-12-27 00:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-03-28 21:07 - 2014-07-22 19:35 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-10-31 19:55 - 2010-10-31 19:55 - 0000095 _____ () C:\Users\Staples\AppData\Local\fusioncache.dat
2014-08-01 23:59 - 2014-08-01 23:59 - 0016958 _____ () C:\Users\Staples\AppData\Local\gem.ico
2014-08-01 23:59 - 2014-08-01 23:59 - 0127112 _____ () C:\Users\Staples\AppData\Local\mybet.ico
2014-03-29 01:34 - 2014-11-18 20:59 - 0007607 _____ () C:\Users\Staples\AppData\Local\Resmon.ResmonCfg
2014-06-17 15:35 - 2014-06-17 15:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-02 12:45 - 2010-11-02 12:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-07 00:47 - 2015-12-07 00:47 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
C:\Users\Staples\AppData\Local\Temp\avgnt.exe
C:\Users\Staples\AppData\Local\Temp\libeay32.dll
C:\Users\Staples\AppData\Local\Temp\msvcr120.dll
C:\Users\Staples\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-18 23:41

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-24 19:32:07)
Gestartet von C:\Users\Staples\Desktop
Windows 10 Home (X64) (2015-08-02 01:20:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1502668225-1892257724-3303000117-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1502668225-1892257724-3303000117-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1502668225-1892257724-3303000117-503 - Limited - Disabled)
Gast (S-1-5-21-1502668225-1892257724-3303000117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502668225-1892257724-3303000117-1002 - Limited - Enabled)
Staples (S-1-5-21-1502668225-1892257724-3303000117-1000 - Administrator - Enabled) => C:\Users\Staples

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM\...\Steam App 30) (Version:  - Valve)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Haushaltsbuch 5.0 (HKLM-x32\...\{0E6C1531-9546-4153-9D88-689519385319}) (Version: 5.0 - Euchler Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.3.0 (HKLM-x32\...\{9B95B20A-324C-4FEE-AF12-24F0CF0D2580}) (Version: 1.3.0 - The Mumble Developers)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\MusicManager) (Version:  - Google, Inc.)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MusicManager) (Version:  - Google, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - Ihr Firmenname)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2A7B3111-CA95-4031-AEBE-F8E78F591055} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {34AE0563-2C0C-441F-B688-908CC3065303} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {34BF107D-76F5-45AD-A9DD-3313F342FAE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG
Task: {37522DE3-CD46-4659-A0FA-9ACA2B27868A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {388D3AC4-01BA-4663-9003-C0F3B7DDCF9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {38F102F6-73BF-4552-A978-F529AEB166D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {3914F8FB-D065-44BA-ADFB-A266017A2A98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {3D1F5DB5-186F-4BDE-87AD-C24E5576C1B2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3D46462C-CD47-4D47-B630-A827F78431E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG
Task: {53BD5C85-07E8-4A3B-975B-CF63B0078021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {55A71768-B655-420A-B641-74DC7784B873} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {57CFA2A7-4180-456B-BF8A-A1CAC6D0FF5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5EC10D66-F719-4668-86C7-4CE76079A0C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {600A2786-3EDA-4639-B8CF-19A96B5D463D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {6F9C441D-CCCA-4CE0-8F2C-E9C5111740C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7998CF8D-D393-41ED-8499-9424214EAD15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8AF38B8A-F573-4FD1-97FA-34C76E69408F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {94D7DAC8-D08B-4E54-AA90-4E816D264D74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A0E8D8A4-582C-4A2F-90CC-FF163157F9ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {AA6B7129-EF76-4BCC-A791-2011AD059DF1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC9AFF9F-874B-4DC6-9A2E-37AE14FDBEC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B28A4DF6-2185-42D2-B0A7-E0B90985A4F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C2F99E66-9961-453E-AE82-927BB96932A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {CA3E81D8-FC27-43E9-B52B-E784F76687EE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CF2FA2FF-1A46-4DE6-A460-C662304D48B7} - System32\Tasks\{428DD254-78FD-48CF-AFB3-2C3E7F513096} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000"
Task: {D98728C8-1886-465A-8839-A6CA5519CD38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DB99FD54-021F-4A44-BD01-3FEB47A1DD02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DBBE0970-979F-4DAD-BEBD-1871B5B13953} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E450177C-00C7-42B1-B73D-9D3E38CA19D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EBB5871C-28D0-44B3-81EE-11DC19349E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {ECBB05AA-0B80-470E-9367-AE7504FB3970} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated)
Task: {F107F1CF-52E4-4871-959E-200C438020FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FD9D15E4-1BE1-4205-A2A6-8D415DA064B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-02 02:52 - 2015-08-02 02:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-02 02:52 - 2015-08-02 02:52 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2010-04-06 14:53 - 2010-04-06 14:53 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00959176 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 22:14 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-11 22:14 - 2015-08-03 03:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 22:14 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Staples\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Documents\desktop.ini:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-07-29 09:43 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^Staples^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Battle.net.lnk => C:\Windows\pss\Battle.net.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CA2Q7BT060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{DAB9098E-BCC6-43EA-914C-180FB28B1190}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{251DD3FB-685E-4277-A791-97947ED3BBDC}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [{463D4E6D-28F7-4D94-A1EF-2AE3B45CC574}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{AE158F70-72C1-46F9-BA84-33C2EA6B3B3A}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{1DF298B3-BCA9-4322-BF0D-7E7A8D0411B3}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [{6BE7CCFD-90A5-47A6-98C0-D94F8828BEFE}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{43046A62-F0A0-4B78-BC6D-73F1B01E7651}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{87291E13-B742-4A4A-AED6-D08F55710435}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{BFE6636C-05E2-496D-83EB-354A37E72F72}] => (Allow) E:\FSetup.exe
FirewallRules: [{2F6F6651-43F1-45FE-8A9C-14AE9E829319}] => (Allow) E:\FSetup.exe
FirewallRules: [UDP Query User{E0D19048-7F9B-4F6A-91B7-1590A722B9B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78FCE144-CD62-460B-AA88-D6AC01C7055B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5A874BB2-6927-4F44-AE2F-4E3EA3A92D8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F3921869-22F6-48EA-8FA0-2065F05EEE26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C309552C-6031-4C74-8CFE-268AFE41FC91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F516593-A61A-4EBB-8DC7-9D4BD3A6339A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CAD7E71-0BD5-4A7C-9DBB-A1066D3C6A25}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6DC5F174-9CCB-4632-AF90-D738CD1E5594}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{076E4404-43AE-4B3E-91B4-D17DA167A4E9}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{79128DD4-E18B-4A1D-A061-2F0ACB0A4CBE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A5C16E36-0195-4CE1-AB02-693C5900B83E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAE76957-0503-40B0-B2F3-8B0C9CBCBD4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33236DBE-44A0-48ED-91AF-01B34211077E}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D07EA77B-DED6-4010-99C5-BFA6E53C158F}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCC5A689-B1ED-412A-B131-C003122C2F5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D90623C6-113B-469F-B20E-6667CFCCBBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF2A2CE-FC1A-4BA6-B8D6-CA8ED53E2855}] => (Allow) LPort=1900
FirewallRules: [{BDA74D07-EE95-44EB-BCA8-DAE09A7C4185}] => (Allow) LPort=7900
FirewallRules: [{3FF958D2-792D-4E41-945D-DFF5316E9344}] => (Allow) LPort=24234
FirewallRules: [{52C311B7-95FA-42CF-A667-B353CFF3CE01}] => (Allow) LPort=7679
FirewallRules: [{1564CB85-C992-4B74-B414-6CB4ED63B1FF}] => (Allow) LPort=7676
FirewallRules: [{05B80B2B-64CA-4120-AED3-FDC1C63268F8}] => (Allow) LPort=8643
FirewallRules: [{94C5872C-096D-45FE-A386-A704F37CCD41}] => (Allow) LPort=8743
FirewallRules: [{85D1FCA6-5AAE-40ED-BC8A-661A80BB825C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CDCC238-9293-4960-A01E-ADBC24DE2426}] => (Allow) LPort=5357
FirewallRules: [{E6C70617-CBAC-4EAE-8821-ED72246690C8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{7A11A418-B75D-4C52-96DA-9CA4B8DD999A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{E81E2219-DCB7-40E3-9C0B-65EE6AB363AF}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{4B2CDB83-6F00-4483-9EC4-5DDEA19FA0AB}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{820B410A-B60B-46BC-B15D-A930CEC2752A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{1A50E5AF-C87D-4180-9BDD-1356CD48961F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{262DE6E1-3D09-4960-B0BD-452E77ED4E4B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1886E3CF-BBAA-45BA-BDBF-DF68C5649FDA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{622BAA4C-8B46-4565-B206-E2786189BFCA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6389EC2A-ABC7-46A4-B4B6-79C2FEC0B024}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{16313845-2B0C-4CF9-A3A4-19C03180546F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DD06D80F-7ACB-4661-8F85-699B83430D5A}] => (Allow) LPort=1900
FirewallRules: [{D6471186-80C3-43C1-84E3-742026E8539C}] => (Allow) LPort=2869
FirewallRules: [{70392273-5556-4955-B447-E97E32091F68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{84DDAC82-808E-4E2D-9789-A52F53C0D4DC}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [TCP Query User{50C46697-1E82-4C15-9E29-B1A32888100E}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [UDP Query User{E5048485-2062-4C31-AC52-00DCEC838ACB}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [TCP Query User{23A89A76-ED93-43B5-8B46-17A9B4C72C2F}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [{974C9DC9-9006-4816-8119-CA81896AAA61}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{17EB269A-3379-47DF-B6B9-9499EA3D64DD}] => (Allow) svchost.exe
FirewallRules: [{AC3A1281-9F11-429D-ADFD-D6D233994896}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{485D1D0E-997B-4638-B1CF-57A62F63A6FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04E04B5C-DE15-460A-914A-A5B081BD09C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9BE9D350-3FA7-420B-AAD5-56F5F27AB135}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DEF5B45F-AF3C-4AB4-891C-F2C91B263928}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{05C1E0E9-3DEA-440C-BD56-17C383E892B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E52537E4-F94C-4C42-B831-1F656622A8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7BF7CD7-6A47-4FC6-AFFF-7A8DB6844C2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A860695-8579-416A-A287-40C07810B5BE}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [UDP Query User{6B00BD4E-D83B-4199-BF07-A93E703B642B}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [TCP Query User{6081101E-1662-45E3-97DC-A46F1856706C}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [UDP Query User{92F466A6-9A25-459E-82D3-C6D2B2AC43C1}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [TCP Query User{839A40D7-5698-45A5-AEC4-E880FC49092E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{BB8B1D12-AAE0-4DE7-98E5-ED54A144FDB6}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{5A85E686-28AD-40A9-AD95-0AB1053FAB9C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{9056D4F4-F01C-40EA-B5C0-325981AD555C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{075F0F34-0735-46B8-8665-55A38DCBB6F4}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [UDP Query User{C75B5420-C5D6-4C49-A150-E68C2BB76418}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [TCP Query User{31F80D6F-AEF1-4457-819E-786C7090118D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{C0F385F3-870D-4B35-AAB2-F5D43D48C33C}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{EE979479-45C4-459C-887E-C2E698DF3D85}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E04E306A-36DD-459B-ABEC-3D2B65388F3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D5BBB418-E1FF-4F0D-808F-03F8C93F1389}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4781C4DA-2B16-4012-875F-A5E91EA891F3}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{F4E51C64-B712-4C49-8607-2D1F80E314F6}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [UDP Query User{1E67D163-DC92-4131-9178-206AA862968B}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [TCP Query User{91008239-45AF-45C7-876E-C2CC8F1AECD9}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe
FirewallRules: [UDP Query User{08768379-FEF5-42D1-BB62-FDB41C2153A0}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe

==================== Wiederherstellungspunkte =========================

24-04-2016 19:23:54 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/24/2016 07:24:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/24/2016 07:00:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x770
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/24/2016 06:32:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (04/24/2016 06:25:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "퀀뀀붵⼭뛖祱๔퀀궵ଯ쿞擩ᑊ䀴ⶥਫ裛". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (04/24/2016 06:05:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/24/2016 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0xcec
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/24/2016 04:04:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x414
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/24/2016 03:53:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x1214
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/24/2016 02:52:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAPLES-TOSH)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/24/2016 02:38:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Product: Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) -- System must be eligible for MS DVD License


Systemfehler:
=============
Error: (04/24/2016 07:24:43 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: WINDOWS\Device\HarddiskVolumeShadowCopy33

Error: (04/24/2016 06:29:46 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x100000004ba46. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/24/2016 06:28:44 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (04/24/2016 06:27:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/24/2016 06:21:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (04/24/2016 06:21:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (04/24/2016 06:20:10 PM) (Source: Application Popup) (EventID: 877) (User: )
Description: DATABASE OPEN FAILED

Error: (04/24/2016 06:19:45 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: C:\Device\HarddiskVolume23

Error: (04/24/2016 06:18:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/24/2016 06:18:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-03-17 00:34:13.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-14 08:44:09.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 22:12:58.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-06 16:59:53.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 23:08:44.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-28 21:20:12.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-26 16:56:32.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 20:21:56.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 09:00:54.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 09:00:54.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 3954.67 MB
Verfügbarer physikalischer RAM: 2215.16 MB
Summe virtueller Speicher: 7922.67 MB
Verfügbarer virtueller Speicher: 6053.52 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:43.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:145.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 25.04.2016, 15:38   #8
M-K-D-B
/// TB-Ausbilder
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG
Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 25.04.2016, 21:37   #9
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : STAPLES-TOSH
   Windows . . . . . . . : 10.0.0.10240.X64/4
   User name . . . . . . : STAPLES-TOSH\Staples
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-04-25 22:00:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 26m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 39

   Objects scanned . . . : 2.300.864
   Files scanned . . . . : 71.190
   Remnants scanned  . . : 689.699 files / 1.539.975 keys

Suspicious files ____________________________________________________________

   C:\Users\Staples\Desktop\FRST64.exe
      Size . . . . . . . : 2.375.680 bytes
      Age  . . . . . . . : 2.0 days (2016-04-23 22:02:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 9B23A27F854566FE804500EDE2368AF601DC071DBAC28A773ABD48CEAB6CAA20
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{050000CE-F9D5-4145-9490-DB9E7E40FDF9}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{476DAA21-E0C3-4EEB-B27B-5F4123334ABA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{7DE6769A-E482-4AB7-8ED9-0CAFEA11D687}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{813F8915-C940-44ED-ADED-8B782D85FA87}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{8D182E50-D646-49FF-B518-34B09BDF5375}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{9563917C-2D1F-4E92-A90F-01E470099B68}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{A182C848-76B5-4473-B742-A688D38982A1}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C336533A-5E74-457F-AD87-9598F4AADF49}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C8C14216-4D34-4866-B66E-BC25B98FCCCA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{E54B3747-7507-43B0-8537-A64189F28B35}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F98F0DE1-9B6F-4C87-8E08-6EE5928D8558}\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08D05D38D7D092348847B7481BB59E27\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B4750D705E2564409328D661F3A08E1\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2100E8859603A3F4197D1B27E573732C\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26E983F1377593143A37E3BA1C65CB74\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3988C1233C05DA343BC7CA3722778352\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C036A97566BFD147A3318BA9E8EA65E\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CC84F27D09408149894EC0F9A7C017F\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BDFB2601A205D344828E68FC902CAE9\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C6C9723DC74D64EBD13F8B7F055FE9\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CDC79C82D453D74B90AD77658CE0F2B\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\862061A20CBCB5844ADD940E3D4D97F0\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92BE82F4D303DB55D901F45A13BBBC98\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D010CDB0C7815A48A7F780C5F8AACA7\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A35FB0BA5A29617419E9385DD008C23C\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB101CA032D21DE4B95FECA174B489FE\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFEEBDA8013CAA74C8052DC06F9F22D8\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C65E7C17918171F44B397779E7B97E1F\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D8695A29617419E9385DD008C23C\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC063FFF6402E614191D191F0DE5C5B4\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F18FD125C322BC84286AD21D8B685F2F\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C8F66181D6DDD488BB6F772F71324A\ (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C\ (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Loader\Iminent (Iminent)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\Iminent\ (Iminent)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent\ (Iminent)
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-25 22:30:03)
Gestartet von C:\Users\Staples\Desktop
Windows 10 Home (X64) (2015-08-02 01:20:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1502668225-1892257724-3303000117-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1502668225-1892257724-3303000117-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1502668225-1892257724-3303000117-503 - Limited - Disabled)
Gast (S-1-5-21-1502668225-1892257724-3303000117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502668225-1892257724-3303000117-1002 - Limited - Enabled)
Staples (S-1-5-21-1502668225-1892257724-3303000117-1000 - Administrator - Enabled) => C:\Users\Staples

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM\...\Steam App 30) (Version:  - Valve)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Haushaltsbuch 5.0 (HKLM-x32\...\{0E6C1531-9546-4153-9D88-689519385319}) (Version: 5.0 - Euchler Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.3.0 (HKLM-x32\...\{9B95B20A-324C-4FEE-AF12-24F0CF0D2580}) (Version: 1.3.0 - The Mumble Developers)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\MusicManager) (Version:  - Google, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - Ihr Firmenname)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2A7B3111-CA95-4031-AEBE-F8E78F591055} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {34AE0563-2C0C-441F-B688-908CC3065303} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {34BF107D-76F5-45AD-A9DD-3313F342FAE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {37522DE3-CD46-4659-A0FA-9ACA2B27868A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {388D3AC4-01BA-4663-9003-C0F3B7DDCF9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {38F102F6-73BF-4552-A978-F529AEB166D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {3914F8FB-D065-44BA-ADFB-A266017A2A98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {3D1F5DB5-186F-4BDE-87AD-C24E5576C1B2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3D46462C-CD47-4D47-B630-A827F78431E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {53BD5C85-07E8-4A3B-975B-CF63B0078021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {55A71768-B655-420A-B641-74DC7784B873} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {57CFA2A7-4180-456B-BF8A-A1CAC6D0FF5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5EC10D66-F719-4668-86C7-4CE76079A0C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {600A2786-3EDA-4639-B8CF-19A96B5D463D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {6F9C441D-CCCA-4CE0-8F2C-E9C5111740C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7998CF8D-D393-41ED-8499-9424214EAD15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8AF38B8A-F573-4FD1-97FA-34C76E69408F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {94D7DAC8-D08B-4E54-AA90-4E816D264D74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A0E8D8A4-582C-4A2F-90CC-FF163157F9ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AA6B7129-EF76-4BCC-A791-2011AD059DF1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC9AFF9F-874B-4DC6-9A2E-37AE14FDBEC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B28A4DF6-2185-42D2-B0A7-E0B90985A4F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C2F99E66-9961-453E-AE82-927BB96932A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CA3E81D8-FC27-43E9-B52B-E784F76687EE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CF2FA2FF-1A46-4DE6-A460-C662304D48B7} - System32\Tasks\{428DD254-78FD-48CF-AFB3-2C3E7F513096} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000"
Task: {D98728C8-1886-465A-8839-A6CA5519CD38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DB99FD54-021F-4A44-BD01-3FEB47A1DD02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DBBE0970-979F-4DAD-BEBD-1871B5B13953} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E450177C-00C7-42B1-B73D-9D3E38CA19D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EBB5871C-28D0-44B3-81EE-11DC19349E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {ECBB05AA-0B80-470E-9367-AE7504FB3970} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated)
Task: {F107F1CF-52E4-4871-959E-200C438020FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FD9D15E4-1BE1-4205-A2A6-8D415DA064B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-02 02:52 - 2015-08-02 02:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-02 02:52 - 2015-08-02 02:52 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2010-04-06 14:53 - 2010-04-06 14:53 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00959176 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 22:14 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-11 22:14 - 2015-08-03 03:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 22:14 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00679624 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Staples\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Documents\desktop.ini:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-07-29 09:43 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^Staples^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Battle.net.lnk => C:\Windows\pss\Battle.net.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CA2Q7BT060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{DAB9098E-BCC6-43EA-914C-180FB28B1190}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{251DD3FB-685E-4277-A791-97947ED3BBDC}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [{463D4E6D-28F7-4D94-A1EF-2AE3B45CC574}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{AE158F70-72C1-46F9-BA84-33C2EA6B3B3A}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{1DF298B3-BCA9-4322-BF0D-7E7A8D0411B3}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [{6BE7CCFD-90A5-47A6-98C0-D94F8828BEFE}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{43046A62-F0A0-4B78-BC6D-73F1B01E7651}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{87291E13-B742-4A4A-AED6-D08F55710435}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{BFE6636C-05E2-496D-83EB-354A37E72F72}] => (Allow) E:\FSetup.exe
FirewallRules: [{2F6F6651-43F1-45FE-8A9C-14AE9E829319}] => (Allow) E:\FSetup.exe
FirewallRules: [UDP Query User{E0D19048-7F9B-4F6A-91B7-1590A722B9B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78FCE144-CD62-460B-AA88-D6AC01C7055B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5A874BB2-6927-4F44-AE2F-4E3EA3A92D8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F3921869-22F6-48EA-8FA0-2065F05EEE26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C309552C-6031-4C74-8CFE-268AFE41FC91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F516593-A61A-4EBB-8DC7-9D4BD3A6339A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CAD7E71-0BD5-4A7C-9DBB-A1066D3C6A25}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6DC5F174-9CCB-4632-AF90-D738CD1E5594}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{076E4404-43AE-4B3E-91B4-D17DA167A4E9}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{79128DD4-E18B-4A1D-A061-2F0ACB0A4CBE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A5C16E36-0195-4CE1-AB02-693C5900B83E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAE76957-0503-40B0-B2F3-8B0C9CBCBD4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33236DBE-44A0-48ED-91AF-01B34211077E}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D07EA77B-DED6-4010-99C5-BFA6E53C158F}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCC5A689-B1ED-412A-B131-C003122C2F5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D90623C6-113B-469F-B20E-6667CFCCBBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF2A2CE-FC1A-4BA6-B8D6-CA8ED53E2855}] => (Allow) LPort=1900
FirewallRules: [{BDA74D07-EE95-44EB-BCA8-DAE09A7C4185}] => (Allow) LPort=7900
FirewallRules: [{3FF958D2-792D-4E41-945D-DFF5316E9344}] => (Allow) LPort=24234
FirewallRules: [{52C311B7-95FA-42CF-A667-B353CFF3CE01}] => (Allow) LPort=7679
FirewallRules: [{1564CB85-C992-4B74-B414-6CB4ED63B1FF}] => (Allow) LPort=7676
FirewallRules: [{05B80B2B-64CA-4120-AED3-FDC1C63268F8}] => (Allow) LPort=8643
FirewallRules: [{94C5872C-096D-45FE-A386-A704F37CCD41}] => (Allow) LPort=8743
FirewallRules: [{85D1FCA6-5AAE-40ED-BC8A-661A80BB825C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CDCC238-9293-4960-A01E-ADBC24DE2426}] => (Allow) LPort=5357
FirewallRules: [{E6C70617-CBAC-4EAE-8821-ED72246690C8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{7A11A418-B75D-4C52-96DA-9CA4B8DD999A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{E81E2219-DCB7-40E3-9C0B-65EE6AB363AF}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{4B2CDB83-6F00-4483-9EC4-5DDEA19FA0AB}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{820B410A-B60B-46BC-B15D-A930CEC2752A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{1A50E5AF-C87D-4180-9BDD-1356CD48961F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{262DE6E1-3D09-4960-B0BD-452E77ED4E4B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1886E3CF-BBAA-45BA-BDBF-DF68C5649FDA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{622BAA4C-8B46-4565-B206-E2786189BFCA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6389EC2A-ABC7-46A4-B4B6-79C2FEC0B024}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{16313845-2B0C-4CF9-A3A4-19C03180546F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DD06D80F-7ACB-4661-8F85-699B83430D5A}] => (Allow) LPort=1900
FirewallRules: [{D6471186-80C3-43C1-84E3-742026E8539C}] => (Allow) LPort=2869
FirewallRules: [{70392273-5556-4955-B447-E97E32091F68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{84DDAC82-808E-4E2D-9789-A52F53C0D4DC}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [TCP Query User{50C46697-1E82-4C15-9E29-B1A32888100E}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [UDP Query User{E5048485-2062-4C31-AC52-00DCEC838ACB}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [TCP Query User{23A89A76-ED93-43B5-8B46-17A9B4C72C2F}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [{974C9DC9-9006-4816-8119-CA81896AAA61}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{17EB269A-3379-47DF-B6B9-9499EA3D64DD}] => (Allow) svchost.exe
FirewallRules: [{AC3A1281-9F11-429D-ADFD-D6D233994896}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{485D1D0E-997B-4638-B1CF-57A62F63A6FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04E04B5C-DE15-460A-914A-A5B081BD09C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9BE9D350-3FA7-420B-AAD5-56F5F27AB135}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DEF5B45F-AF3C-4AB4-891C-F2C91B263928}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{05C1E0E9-3DEA-440C-BD56-17C383E892B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E52537E4-F94C-4C42-B831-1F656622A8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7BF7CD7-6A47-4FC6-AFFF-7A8DB6844C2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A860695-8579-416A-A287-40C07810B5BE}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [UDP Query User{6B00BD4E-D83B-4199-BF07-A93E703B642B}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [TCP Query User{6081101E-1662-45E3-97DC-A46F1856706C}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [UDP Query User{92F466A6-9A25-459E-82D3-C6D2B2AC43C1}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [TCP Query User{839A40D7-5698-45A5-AEC4-E880FC49092E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{BB8B1D12-AAE0-4DE7-98E5-ED54A144FDB6}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{5A85E686-28AD-40A9-AD95-0AB1053FAB9C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{9056D4F4-F01C-40EA-B5C0-325981AD555C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{075F0F34-0735-46B8-8665-55A38DCBB6F4}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [UDP Query User{C75B5420-C5D6-4C49-A150-E68C2BB76418}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [TCP Query User{31F80D6F-AEF1-4457-819E-786C7090118D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{C0F385F3-870D-4B35-AAB2-F5D43D48C33C}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{EE979479-45C4-459C-887E-C2E698DF3D85}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E04E306A-36DD-459B-ABEC-3D2B65388F3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D5BBB418-E1FF-4F0D-808F-03F8C93F1389}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4781C4DA-2B16-4012-875F-A5E91EA891F3}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{F4E51C64-B712-4C49-8607-2D1F80E314F6}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [UDP Query User{1E67D163-DC92-4131-9178-206AA862968B}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [TCP Query User{91008239-45AF-45C7-876E-C2CC8F1AECD9}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe
FirewallRules: [UDP Query User{08768379-FEF5-42D1-BB62-FDB41C2153A0}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe

==================== Wiederherstellungspunkte =========================

25-04-2016 19:53:40 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/25/2016 10:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAPLES-TOSH)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/25/2016 10:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAPLES-TOSH)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/25/2016 09:58:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 10.0.10240.16405 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1900

Startzeit: 01d19f2c98be74b6

Beendigungszeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: f3f553e1-0b1f-11e6-9c87-e839dfc6bedd

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (04/25/2016 09:57:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (04/25/2016 09:57:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (04/25/2016 09:01:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x1594
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/25/2016 08:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x1b68
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/25/2016 08:30:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/25/2016 08:14:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0xc0c
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (04/25/2016 08:00:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006687f
ID des fehlerhaften Prozesses: 0x77c
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5


Systemfehler:
=============
Error: (04/25/2016 10:14:35 PM) (Source: DCOM) (EventID: 10010) (User: STAPLES-TOSH)
Description: App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca

Error: (04/25/2016 07:55:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Windows 10 für x64-Systeme (KB3106246)

Error: (04/25/2016 07:55:04 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: WINDOWS\Device\HarddiskVolumeShadowCopy23

Error: (04/25/2016 07:53:14 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053VSSNicht verfügbar{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (04/25/2016 07:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/25/2016 07:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht.

Error: (04/25/2016 07:52:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0xc0000005 fehlgeschlagen: Upgrade auf Windows 10 Home, Version 1511, 10586

Error: (04/25/2016 06:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/25/2016 06:46:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Staples\AppData\Local\Temp\ehdrv.sys

Error: (04/25/2016 06:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


CodeIntegrity:
===================================
  Date: 2016-03-17 00:34:13.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-14 08:44:09.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 22:12:58.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-06 16:59:53.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 23:08:44.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-28 21:20:12.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-26 16:56:32.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 20:21:56.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 09:00:54.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-23 09:00:54.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 51%
Installierter physikalischer RAM: 3954.67 MB
Verfügbarer physikalischer RAM: 1904.64 MB
Summe virtueller Speicher: 7922.67 MB
Verfügbarer virtueller Speicher: 5600.22 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:46.66 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:145.22 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Staples (Administrator) auf STAPLES-TOSH (25-04-2016 22:29:00)
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples & DefaultAppPool (Verfügbare Profile: Staples & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avrestart.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk [2016-02-29]
ShortcutTarget: Warkeys Update.lnk -> C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk /m /f \Device\HarddiskVolume2autocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{214a7604-97a2-44e4-9116-57a232caae45}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e151f280-f994-498c-b104-4491eea55f73}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857
FF DefaultSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-31] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\searchplugins\bildde.xml [2015-12-13]
FF Extension: Adblock Plus - C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]

Chrome: 
=======
CHR Profile: C:\Users\Staples\AppData\Local\Google\Chrome\User Data\default

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-08-02] (Broadcom Corporation.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-02] (Toshiba Corporation)
U5 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
U5 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
U5 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
U5 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-25 22:29 - 2016-04-25 22:29 - 00020529 _____ C:\Users\Staples\Desktop\FRST.txt
2016-04-25 21:59 - 2016-04-25 22:27 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-25 21:59 - 2016-04-25 21:59 - 11441744 _____ (SurfRight B.V.) C:\Users\Staples\Downloads\HitmanPro_x64.exe
2016-04-25 21:52 - 2016-04-25 21:52 - 00016148 _____ C:\WINDOWS\system32\STAPLES-TOSH_Staples_HistoryPrediction.bin
2016-04-25 18:42 - 2016-04-25 18:42 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-25 18:41 - 2016-04-25 18:42 - 02870984 _____ (ESET) C:\Users\Staples\Desktop\esetsmartinstaller_deu.exe
2016-04-25 16:42 - 2016-04-25 18:09 - 00011089 _____ C:\Users\Staples\Desktop\Fixlog.txt
2016-04-25 13:35 - 2016-04-25 13:54 - 00009772 _____ C:\Users\Staples\Desktop\Haushalt.xlsx
2016-04-24 19:27 - 2016-04-24 19:28 - 00000846 _____ C:\Users\Staples\Desktop\JRT.txt
2016-04-24 19:21 - 2016-04-24 19:23 - 01610008 _____ (Malwarebytes) C:\Users\Staples\Desktop\JRT.exe
2016-04-24 18:29 - 2016-04-24 18:29 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-24 18:27 - 2016-04-24 18:27 - 22851472 _____ (Malwarebytes ) C:\Users\Staples\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-24 18:15 - 2016-04-24 18:18 - 00000000 ____D C:\AdwCleaner
2016-04-24 18:14 - 2016-04-24 18:15 - 03683904 _____ C:\Users\Staples\Desktop\AdwCleaner_5.112.exe
2016-04-24 18:05 - 2016-04-24 18:05 - 00001090 _____ C:\Users\Public\Desktop\Mumble.lnk
2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\Program Files (x86)\Mumble
2016-04-23 22:15 - 2016-04-23 22:24 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.15.24_log.txt
2016-04-23 22:07 - 2016-04-23 22:13 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.07.52_log.txt
2016-04-23 22:06 - 2016-04-23 22:07 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Staples\Desktop\tdsskiller.exe
2016-04-23 22:03 - 2016-04-25 22:29 - 00000000 ____D C:\FRST
2016-04-23 22:02 - 2016-04-23 22:03 - 02375680 _____ (Farbar) C:\Users\Staples\Desktop\FRST64.exe
2016-04-19 00:09 - 2016-04-19 00:09 - 00000000 ____D C:\Users\Staples\Documents\Diablo II
2016-04-19 00:07 - 2016-04-19 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-04-18 23:25 - 2016-04-18 23:25 - 02771704 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_deDE.exe
2016-04-18 23:12 - 2016-04-18 23:13 - 02689174 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
2016-04-15 20:41 - 2016-04-15 20:41 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat
2016-04-12 21:11 - 2016-04-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 21:43 - 2016-04-08 21:43 - 00016622 _____ C:\Users\Staples\Documents\Sobri.odt
2016-04-03 07:37 - 2016-04-03 07:37 - 00275040 _____ C:\WINDOWS\Minidump\040316-38109-01.dmp
2016-03-28 20:14 - 2016-03-28 20:14 - 00000000 ____D C:\Users\Staples\AppData\Local\Steam

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-25 21:44 - 2014-08-04 23:59 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job
2016-04-25 21:32 - 2016-01-10 22:13 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 20:39 - 2014-08-04 23:59 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job
2016-04-25 19:32 - 2016-01-10 22:13 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 18:40 - 2015-10-30 21:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-25 18:25 - 2015-12-12 21:58 - 00000000 ____D C:\WINDOWS\Panther
2016-04-25 18:24 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-25 18:13 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-25 18:11 - 2015-08-13 20:58 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-25 18:11 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-25 16:42 - 2014-01-18 21:17 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Mumble
2016-04-25 16:40 - 2014-01-18 21:26 - 00000000 ____D C:\Users\Staples\AppData\Local\Battle.net
2016-04-25 09:55 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-25 08:17 - 2014-01-18 21:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-25 00:50 - 2010-10-31 01:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5EF183-990B-42DC-8793-FA5A454ADFA0}
2016-04-24 23:05 - 2014-07-22 18:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-24 20:47 - 2014-01-01 11:54 - 00000000 ____D C:\Users\Staples\Desktop\Spiele
2016-04-24 18:40 - 2014-08-15 21:33 - 00049536 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\agremove.exe
2016-04-24 18:39 - 2015-08-02 01:59 - 00017920 _____ C:\WINDOWS\system32\rpcnetp.exe
2016-04-24 18:30 - 2015-08-27 21:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-24 18:18 - 2015-08-02 02:11 - 00000000 ____D C:\Users\Staples
2016-04-24 10:38 - 2014-01-01 11:54 - 00000000 ___RD C:\Users\Staples\Desktop\Programme
2016-04-24 10:33 - 2014-07-05 10:58 - 00000000 ____D C:\Users\Staples\Documents\JTP
2016-04-23 10:42 - 2014-12-08 22:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-04-22 21:51 - 2015-08-02 03:25 - 00002400 _____ C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-22 21:51 - 2015-08-02 03:25 - 00000000 ___RD C:\Users\Staples\OneDrive
2016-04-22 20:04 - 2015-08-02 02:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-22 15:46 - 2015-08-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-20 12:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-19 00:14 - 2011-09-22 17:56 - 00000618 _____ C:\BnetLog.txt
2016-04-19 00:09 - 2010-10-29 17:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-04-16 22:27 - 2010-11-01 16:50 - 00000000 ____D C:\Users\Staples\AppData\Roaming\TS3Client
2016-04-15 20:39 - 2013-12-27 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 23:02 - 2013-08-15 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 22:56 - 2010-10-31 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 17:51 - 2015-08-02 02:09 - 00007412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-11 17:51 - 2015-07-10 18:34 - 01165958 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-11 17:51 - 2015-07-10 18:34 - 00279796 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 07:37 - 2015-08-02 17:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-31 22:57 - 2012-12-25 11:58 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-31 20:28 - 2012-12-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:47 - 2014-12-27 00:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-03-28 21:07 - 2014-07-22 19:35 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-10-31 19:55 - 2010-10-31 19:55 - 0000095 _____ () C:\Users\Staples\AppData\Local\fusioncache.dat
2014-08-01 23:59 - 2014-08-01 23:59 - 0016958 _____ () C:\Users\Staples\AppData\Local\gem.ico
2014-08-01 23:59 - 2014-08-01 23:59 - 0127112 _____ () C:\Users\Staples\AppData\Local\mybet.ico
2014-03-29 01:34 - 2014-11-18 20:59 - 0007607 _____ () C:\Users\Staples\AppData\Local\Resmon.ResmonCfg
2014-06-17 15:35 - 2014-06-17 15:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-02 12:45 - 2010-11-02 12:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-07 00:47 - 2015-12-07 00:47 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-18 23:41

==================== Ende von FRST.txt ============================
         
Beim FRst FIX hat es echt lange gedauert...
hier die Log-Datein.


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d3f035e020eaa14d8f4a60937334a7b5
# end=init
# utc_time=2016-04-25 04:42:29
# local_time=2016-04-25 06:42:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29232
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d3f035e020eaa14d8f4a60937334a7b5
# end=updated
# utc_time=2016-04-25 04:46:12
# local_time=2016-04-25 06:46:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d3f035e020eaa14d8f4a60937334a7b5
# engine=29232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-25 07:34:34
# local_time=2016-04-25 09:34:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 37997 24670607 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3369603 25086886 0 0
# scanned=350616
# found=0
# cleaned=0
# scan_time=10102
         

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-25 16:42:16) Run:1
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples &  (Verfügbare Profile: Staples & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG
Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D34A571-4CEC-421F-9378-CFB7FBCD5780}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D34A571-4CEC-421F-9378-CFB7FBCD5780}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{374703C8-047E-458E-A707-64ED95105CB7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{374703C8-047E-458E-A707-64ED95105CB7}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid Codec V1-updater => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{452475D1-F5A5-4BD8-9CCE-824B69FBFA48}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{452475D1-F5A5-4BD8-9CCE-824B69FBFA48}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConfigFree Startup Programs => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54FC8C20-F3B3-405F-B5D3-2C297BCBBB95}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54FC8C20-F3B3-405F-B5D3-2C297BCBBB95}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567F5A78-2F13-44C0-8F13-EFD9C5A76050}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567F5A78-2F13-44C0-8F13-EFD9C5A76050}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71459263-08A6-43E0-B086-911E2AA8F233}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71459263-08A6-43E0-B086-911E2AA8F233}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8350377D-88D4-4A82-8581-C3E3F5D702E5}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8350377D-88D4-4A82-8581-C3E3F5D702E5}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B02C24DE-42E0-45C3-8DCB-74F600BF51FC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B02C24DE-42E0-45C3-8DCB-74F600BF51FC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B45B70A8-461A-4044-88D2-DAAE989E045A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B45B70A8-461A-4044-88D2-DAAE989E045A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1F73BFD-54A2-4477-9E0C-9757930AD47E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1F73BFD-54A2-4477-9E0C-9757930AD47E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E936DA-9486-4A23-8FF0-225CEA97CB40}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E936DA-9486-4A23-8FF0-225CEA97CB40}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BFE" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BITS" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\msiserver" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vss" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BITS" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\msiserver" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vss" => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 5.3 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:09:49 ====
         

Alt 26.04.2016, 15:04   #10
M-K-D-B
/// TB-Ausbilder
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Servus,



Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    Iminent
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 26.04.2016, 19:55   #11
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



hey,

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 20:53 on 26/04/2016 by Staples
Administrator - Elevation successful

========== regfind ==========

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader]
"Iminent"="software\Iminent\Assemblies"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent]

-= EOF =-
         

Alt 27.04.2016, 15:17   #12
M-K-D-B
/// TB-Ausbilder
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Servus,





Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!









Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 27.04.2016, 20:17   #13
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Der PC hat ca. 20 minuten zum Neustart nach Fabers gebraucht. Nochmal fünf für das Starten von Mozilla.
Beim Neustart wurde mir für ca. 1 Sek ein Container?-Fehler eingeblendet. Ging aber zu schnell um es zu lesen.

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-27 20:22:17) Run:2
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples & DefaultAppPool (Verfügbare Profile: Staples & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
EmptyTemp:
end
     
*****************

Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent => Schlüssel erfolgreich entfernt
EmptyTemp: => 49.6 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 20:54:29 ====
         

Alt 28.04.2016, 15:33   #14
M-K-D-B
/// TB-Ausbilder
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Wie sieht es mit dem Starten nach einem erneuten Neustart aus?
Dauert es immer noch so lange?
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 28.04.2016, 21:32   #15
StefanHe
 
Windows reagiert oft nicht. Fund durch Avira - Standard

Windows reagiert oft nicht. Fund durch Avira



Ja, es ist jetzt echt grausam geworden. Hier geht kaum noch was. Surfen, zocken usw. nicht/kaum möglich.
Irgentwelche Lösungen?

Antwort

Themen zu Windows reagiert oft nicht. Fund durch Avira
aktuell, avira, fund, funde, hoffe, laptop, laufe, laufen, nicht, nicht mehr, quara, quarantäne, reagiert, sauberes, surfe, surfen, system, windows, zocken



Ähnliche Themen: Windows reagiert oft nicht. Fund durch Avira


  1. TR/Crypt.XPACK.Gen7 Fund durch Avira
    Plagegeister aller Art und deren Bekämpfung - 15.03.2016 (19)
  2. Windows 7: Avira hat ADSPY/Skrum.EL & PUA/OpenCandy.GEN gefunden + 1 weiterer Fund durch Malwarebytes
    Log-Analyse und Auswertung - 29.02.2016 (15)
  3. Trojaner Fund durch Avira
    Plagegeister aller Art und deren Bekämpfung - 18.04.2015 (22)
  4. Windows 8: Adware Fund durch Avira
    Log-Analyse und Auswertung - 07.03.2015 (17)
  5. Windows 7 Ultimate 32-bit: Fund durch AVIRA EXP/JAVA.Edilage.Gen
    Log-Analyse und Auswertung - 08.12.2014 (9)
  6. Fund TR/Crypt.XPACK.Gen2 durch Avira
    Log-Analyse und Auswertung - 25.11.2014 (32)
  7. Windows 8: Durch JS/Gfilter.Ba infiziert, Avira lässt sich nicht deaktivieren
    Log-Analyse und Auswertung - 25.07.2014 (16)
  8. Windows reagiert nach kleinigkeiten nicht mehr.Dropper.gen fund.
    Plagegeister aller Art und deren Bekämpfung - 26.11.2013 (7)
  9. Windows 7 Starter: Avira Trojaner-Fund lässt sich nicht beseitigen (Atraps.Gen2)
    Log-Analyse und Auswertung - 06.09.2013 (21)
  10. Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM
    Log-Analyse und Auswertung - 13.01.2013 (20)
  11. Avira Free Antivirus reagiert nicht, Malwarebytes durchlaufen lassen
    Plagegeister aller Art und deren Bekämpfung - 11.12.2012 (4)
  12. Fund durch Avira: TR/Dropper.Gen in D:\Sonstiges\Treiber\CREATIVE\Audible\Manager_Creative.cab
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (1)
  13. Avira Systemprüfung reagiert nicht
    Plagegeister aller Art und deren Bekämpfung - 13.01.2012 (8)
  14. BOO/Alureon.C Fund durch Avira Anti Vir standard edition
    Log-Analyse und Auswertung - 17.07.2011 (19)
  15. Bluescreen nach Crypt.XPACK.Gen3 -Fund durch Avira
    Plagegeister aller Art und deren Bekämpfung - 10.05.2011 (6)
  16. Drop.A.zaq.52224 fund durch Avira
    Log-Analyse und Auswertung - 21.08.2010 (26)
  17. Trojaner-Fund TR/Click.Yabector.262830 durch Avira
    Log-Analyse und Auswertung - 04.02.2010 (24)

Zum Thema Windows reagiert oft nicht. Fund durch Avira - Moin, da mein Laptop (zwar betagt, aber durchaus nützlich) beim zocken, aber auch beim surfen, oft nicht mehr reagiert, habe ich Avira drüber laufen lassen und die Funde in Quarantäne - Windows reagiert oft nicht. Fund durch Avira...
Archiv
Du betrachtest: Windows reagiert oft nicht. Fund durch Avira auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.