
Log analysis and evaluation: Windows 7: Mail account hacked, Avast reports a trojan


03.06.2016, 15:03   #1
Deuterium
 



Good day to everyone,

yesterday evening I got a call saying that spam mails had been sent from my e-mail address at Yahoo. When I checked, I saw that the mail came from an unfamiliar address which nevertheless contained my full name, and that addresses from my address book had also been used. During a scan with Avast, Win32:Hupigon-ONX was shown to me as a trojan, with the file name C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb

A search with the ESET Online Scanner showed no results, whereas scans with AdwCleaner and Anti-Malware showed quite a lot of results. I am therefore a bit worried that there are some viruses or other malicious programs on my PC. However, I wanted to turn to you first before I delete anything unnecessarily.

Here are the log files

FRST

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von ***** (Administrator) auf ***** (03-06-2016 11:46:12)
Gestartet von D:\
Geladene Profile: ***** (Verfügbare Profile: ***** & *****)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) D:\itunes (1)\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() Q:\140066.enu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.enu\Office14\OffSpon.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Malwarebytes) D:\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes (1)\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => D:\Quicktime\Plugins\DeleteMe1.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
ShortcutTarget: Audible Download Manager.lnk -> D:\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-1078192431-239819200-2145751044-1000] => http=5.133.176.199:3128
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8CE8708-5C3F-48FF-996E-AFF92665AD4C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {07D56749-CE28-4EAD-98CF-98486A8E78D3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\*****\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-12] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Kein Name -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-12] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  Keine Datei
Toolbar: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Kein Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "212.29.229.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "212.29.229.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "212.29.229.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "198.50.129.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "119.4.115.51"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "198.50.129.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.50.129.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "198.50.129.9"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Modify Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: Video DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DownThemAll! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-05-27] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-06-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-12] (AVAST Software)
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts)
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-12] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation) [Datei ist nicht signiert]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-03] (Malwarebytes)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.) [Datei ist nicht signiert]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-23] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-03 11:46 - 2016-06-03 11:46 - 00000000 ____D C:\FRST
2016-06-03 11:32 - 2016-06-03 11:44 - 00022232 _____ C:\Users\*****\Desktop\mbam.txt
2016-06-03 11:18 - 2016-06-03 11:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 11:18 - 2016-06-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-03 11:17 - 2016-06-03 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-03 11:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-02 21:21 - 2016-06-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16
2016-06-01 21:34 - 2016-06-02 15:15 - 00000000 ____D C:\Users\*****\Documents\Citavi 5
2016-06-01 21:34 - 2016-06-01 21:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-06-01 21:32 - 2016-06-01 21:32 - 00000000 ____D C:\Users\*****\AppData\Local\Downloaded Installations
2016-05-31 18:22 - 2016-05-31 18:22 - 00135152 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Public\CyberLink
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\*****\Documents\CyberLink
2016-05-30 23:40 - 2016-05-30 23:40 - 00000000 ____D C:\Users\*****\AppData\Local\Cyberlink
2016-05-30 23:33 - 2016-06-03 01:50 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-05-30 23:33 - 2016-05-30 23:33 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-05-30 23:30 - 2016-06-03 01:50 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-05-30 23:30 - 2016-05-30 23:41 - 00000000 ____D C:\ProgramData\CyberLink
2016-05-30 23:30 - 2016-05-30 23:30 - 00000000 ____D C:\ProgramData\install_clap
2016-05-26 00:28 - 2016-06-02 20:11 - 00149015 _____ C:\Users\*****\Desktop\2016_06rechnung_5616687642.pdf
2016-05-11 11:35 - 2016-05-11 11:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\com.bby.cinemanowca
2016-05-11 01:18 - 2016-05-15 12:14 - 00000000 ____D C:\Users\*****\Desktop\Rupp 2013

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-03 10:43 - 2015-08-05 14:55 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner (6)
2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-03 10:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 02:18 - 2013-03-25 22:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client
2016-06-03 01:50 - 2012-04-20 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-03 00:08 - 2014-07-30 23:58 - 00000000 ____D C:\ProgramData\Origin
2016-06-02 21:22 - 2013-12-18 02:18 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2016-06-02 21:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 15:35 - 2014-09-10 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-02 00:05 - 2016-05-03 14:14 - 00000000 ____D C:\Users\*****\Desktop\BA-Arbeit Kapitel
2016-06-01 17:04 - 2011-04-12 09:43 - 00701778 _____ C:\Windows\system32\perfh007.dat
2016-06-01 17:04 - 2011-04-12 09:43 - 00150420 _____ C:\Windows\system32\perfc007.dat
2016-06-01 17:04 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-31 22:27 - 2016-01-28 12:27 - 00000000 ____D C:\Users\*****\.gimp-2.8
2016-05-31 18:22 - 2014-01-07 20:51 - 00000000 ____D C:\Users\*****\AppData\Local\gtk-2.0
2016-05-30 16:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-22 11:45 - 2012-09-17 12:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-19 18:40 - 2015-11-06 00:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-18 00:02 - 2016-04-26 13:39 - 00000000 ____D C:\Users\*****\Desktop\Transkripte für BA-Arbeit
2016-05-16 11:14 - 2013-03-11 20:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 11:14 - 2013-03-11 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 14:31 - 2015-11-13 18:50 - 00000000 ____D C:\Users\*****\AppData\Local\Clan_prefs
2016-05-13 01:11 - 2014-12-27 13:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 22:58 - 2014-05-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-09 22:56 - 2015-04-29 12:02 - 00000000 ____D C:\Users\*****\dwhelper
2016-05-09 13:48 - 2015-05-29 22:41 - 00000000 __SHD C:\AI_RecycleBin
2016-05-08 16:56 - 2015-12-26 13:16 - 00000000 ____D C:\Users\*****\AppData\Local\UnrealEngine
2016-05-08 11:45 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-04 00:17 - 2016-04-12 22:56 - 00000000 ____D C:\Users\*****\Desktop\KGS

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-24 00:43 - 2016-03-28 16:51 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2016-05-31 18:22 - 2016-05-31 18:22 - 0135152 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2015-06-07 02:41 - 2015-06-07 02:41 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-06-08 16:27 - 2016-05-15 02:23 - 0002703 _____ () C:\ProgramData\flcd_proxy.log
2013-03-30 00:02 - 2013-03-30 00:14 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-28 00:28

==================== Ende von FRST.txt ============================
         

Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von ***** (2016-06-03 11:46:36)
Gestartet von D:\
Windows 7 Professional Service Pack 1 (X64) (2012-04-20 15:20:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1078192431-239819200-2145751044-500 - Administrator - Disabled)
Gast (S-1-5-21-1078192431-239819200-2145751044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1078192431-239819200-2145751044-1003 - Limited - Enabled)
***** (S-1-5-21-1078192431-239819200-2145751044-1000 - Administrator - Enabled) => C:\Users\*****
Mcx1-*****-PC (S-1-5-21-1078192431-239819200-2145751044-1001 - Limited - Enabled) => C:\Users\Mcx1-*****-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Access 97rt PAN EURO G (HKLM-x32\...\Access 97rt PAN EURO G) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
CLAN (HKLM-x32\...\{00868CD9-BEB1-4D2C-8307-4AD82C48501A}) (Version: 2.11.00 - CMU)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.42.13482.16 - Electronic Arts)
Fragen-Lern-CD 4.3 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1) (Version: 4.3.5 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.3 (x32 Version: 4.3.5 - Wendel-Verlag GmbH) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel(R) Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Yu-Gi-Oh! The Dawn of a New Era Version 5.0.18.3673 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.0.18.3673 - Kaiba Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0071A13B-6B94-46F2-9FB6-ADE22483D5A5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for *****-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {0CC6A309-3F84-4134-8FFB-9171C1FE2932} - System32\Tasks\{1DBE5654-06A6-4930-B238-0DF98147764A} => pcalua.exe -a C:\Users\*****\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe -c /UNINSTALL PARTNER=10557
Task: {172DF47C-9163-4CC4-AB32-7BB276417631} - System32\Tasks\{45912AD4-8F33-4D8D-9554-A80AA320F031} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {1AE6AEA5-5C3E-4F4B-BC06-6AAD7A21D250} - System32\Tasks\{173E985D-BE0F-4425-BDB3-341AF9AB4146} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {2191EFF0-B8A4-4E70-AB0C-A64B67600B84} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {2585F3CA-5711-4D62-B6F5-A199FED58DC7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2B2EA069-9304-4BDF-AF20-4B017C27CC4C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2B428C53-209C-48C4-A188-624C9CA70FF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C96134A-FC2F-4E4B-9EF9-2700AD0D00E6} - System32\Tasks\{66823191-2EB3-47EC-A19A-02C731EA27C2} => pcalua.exe -a E:\dx7ager.exe -d E:\
Task: {3E76700B-2384-4F18-834F-35983FBB8F26} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-12] (AVAST Software)
Task: {4ABB64DA-07A2-46BD-A64B-3E69D48CEC3E} - System32\Tasks\{8CE18D4A-43FB-4D4B-BD63-0B634CDFAFA1} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4C7DC039-C318-4A43-B7A9-728234D2A737} - System32\Tasks\{AF90126A-79C8-4274-AD4E-38A1B3BDC08D} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {5CEE0A7A-9A24-42B3-A8C4-B264A07E3434} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6672CE13-36D9-4D89-A012-3893126F7B86} - System32\Tasks\{3F24D816-EF75-43E8-9F64-50F1E3DB735E} => pcalua.exe -a C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1\Installer.exe -d C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1
Task: {7466DEB7-CB2E-42E6-8A50-621C46C0643E} - System32\Tasks\{60731E58-7FFB-4725-8A0E-4938AF74C082} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {803F5571-B947-425E-A2A9-40FFBEC293E0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {83CE7615-E7E2-40A5-A872-AC1C004B734C} - System32\Tasks\{79A0981F-23F9-4972-A067-D5910A7DAAE0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {883A3927-A45D-4675-BF91-F2EFFA4ACB36} - System32\Tasks\{3670FBCA-2A3C-470A-B293-977CB288DA46} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {91981B81-7214-48D1-A774-78CBDD928779} - System32\Tasks\{045A154F-0301-4AE9-858C-C7E12566F748} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {99519820-DA6F-4713-802E-8FF328DFC9A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A5ED77AC-6AED-406F-9953-2B16D36EB5F3} - System32\Tasks\{EE93492B-829F-46B8-8BA2-7225EA8C38FE} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {AB7F177B-533D-4559-A658-B5260C43D430} - System32\Tasks\{05376299-63E3-40B4-B000-3BAC939D67C1} => pcalua.exe -a C:\Users\*****\Desktop\epson375890eu.exe -d C:\Users\*****\Desktop
Task: {BA07FC55-F1EB-4D5A-8725-902184DD8A13} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCAB8935-3339-458D-8B1B-0C0E79442CB0} - System32\Tasks\{B1D11270-DC0A-443F-A2C2-7886CB6545AC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {C04C3B6E-DB4A-4790-9455-7A5DB41505BC} - System32\Tasks\{5877E4B1-A854-461D-A464-83E4E03E4047} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {C515F816-D0D4-48C2-81DE-84D0EAB44AC6} - System32\Tasks\{87B8B25C-F246-4C50-A323-E5115EC007AB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {D2100B8D-CFCF-4F46-B4C7-38B6BF8FF944} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe 
Task: {D31D2427-00AE-4BC4-8DF4-2F9F421DDFBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB898384-D1F3-4649-9244-0A6C28D7214B} - System32\Tasks\{C4C55CCC-9DBF-451F-B551-657EA06F68C0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {DC416041-539F-4378-B0DE-9585A0443A5A} - System32\Tasks\{D3869556-B4D2-45ED-9BB6-9B033BF40786} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E69AC183-3C16-4AB6-BE2C-67EEFE889F79} - System32\Tasks\{8FE250CF-A532-4D2A-89E2-D971EBC570C8} => pcalua.exe -a C:\Users\*****\Desktop\epson29817eu.exe -d C:\Users\*****\Desktop
Task: {E88DA03D-B7F8-4978-9C38-D24035CD37F9} - System32\Tasks\{6E7BB2E2-DB0B-46AD-A7FD-CD4EBAE55CA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/de/abandoninstall?page=tsProgressBar
Task: {EB234CD3-AE7B-4C04-BA18-B6510C3CA55B} - System32\Tasks\{BCDD38EF-0904-43CC-B055-D9F7168A70CD} => D:\StreamTransport\StreamTransport.exe
Task: {F2679F97-D496-4E85-BCBD-70F9956D2763} - System32\Tasks\{B08A6FA7-7E3B-4CDF-8D07-44CDA2804BD1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {F560CC06-3682-441B-A3E7-77352D1C586D} - System32\Tasks\{78685E25-AE26-47B9-BD42-866A20EDC10B} => pcalua.exe -a C:\Users\*****\Downloads\streaming_optimizer_setup.exe -d C:\Users\*****\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-02 11:15 - 2016-06-02 11:15 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16060200\algo.dll
2016-04-14 18:04 - 2016-04-14 18:04 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2016-01-15 13:06 - 2016-01-15 13:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-04-20 17:58 - 2012-02-21 06:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2016-05-16 11:14 - 2016-05-16 11:14 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94298785-BBE7-4803-9808-176D43C4E216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9688D9CD-38B3-4C6C-85A2-93D8171E3856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A6853C33-7D72-4FBC-8627-2A87A55919CA}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [UDP Query User{E0A83EAB-E379-46B6-827E-F0CB77D07E10}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [TCP Query User{01277258-7A3B-4271-9FE7-D4C8607EFA3C}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{05AF7882-6A87-4B7F-985A-466333B07AC9}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [TCP Query User{D4FD44CC-6F86-465D-9660-EE25780533C4}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [UDP Query User{F5DB8AF0-02B2-47B5-B66A-FD4CD46F78C6}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [TCP Query User{ABDBE795-B056-45E6-9256-94B5C1A48326}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{6B65D548-037A-4A83-8228-4BE7B053A9CC}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{4A90897E-CD4A-4603-A076-2F7603EC17D8}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{8F60A005-04AB-475E-A786-8BFE92808589}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [TCP Query User{49375053-5C68-432F-9781-AC33999F0008}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{4AD3975C-C6E2-4052-AC09-49C919E916C0}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{76CCD08E-FDC4-45B3-BBE4-7F35660D2830}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6177E29A-7E97-423E-9E31-7D391AC1DB6F}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{AF591D2A-0520-4C36-93B3-14AEDAF3A549}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F983E86F-E76F-4B3D-A004-ACA22CB80938}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{9E4C7613-42CC-4CE2-A645-F2BF96921709}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{30B4081A-2283-41D8-9FBB-B08E8024C881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{36FD5D36-DF53-4F09-9EDD-152F3F4BA620}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{09310F29-FC7C-4CB4-AB3C-5CA3164757C9}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{EB6E2773-E0F1-4B00-9466-22FB253C88ED}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E34E6481-9AD7-43AC-AD41-2D8092EDD9CB}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{B6D4044F-D5C8-4087-9B41-7C656EFD9149}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FD68BD03-E04C-4AF5-AEEE-5DAB69C75FB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C43B7741-5F17-4FBD-BD41-891C55C5ACAD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E59ABD5C-70B2-4F9C-9BB8-B01DBD44F9EF}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [UDP Query User{98E8DCE4-788A-4E6B-93D6-5579ED579B1E}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{E71AEEB1-01BD-41AA-8F36-CFF524807B0C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A8BDF807-1C34-419B-A7F5-0D1075FD766C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DF9C7B38-72C8-4905-BF17-15E3D33793AC}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0394E352-ADD2-4B0C-B227-441231BCE97D}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [{8DC61941-EEDE-4959-9AA0-EAD07FDC4DE9}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7D198C55-19F3-4229-8FD4-E8894F94A13D}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F74C777F-9F65-4418-9779-CBFA100AE30E}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{98DFE08A-1684-455A-A9A4-6264C9E3F784}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{77167C1C-9004-42E2-9BA7-1FBC770B7E89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C324AD62-C264-434E-AD50-8685C9A654C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{46242EFF-72ED-474C-A15E-17507B313216}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFD8F70A-D886-49EE-BDA7-ECAB1088734E}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [UDP Query User{5D149EAF-08DC-4881-953D-68177630FAE6}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [{98C691AC-BCA1-43BD-9DF9-86705F0542F8}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{64A1F775-9F00-4698-BB1C-30234E5E4C75}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{2FF169A4-6B8B-47B4-8724-AE2FCC1B5015}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{F35D6A8D-B3A8-4C01-8956-EBA0A2DF5B1B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{C93155AD-0155-461F-9200-3B8A9E14577B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF829D10-FEE8-4A39-895B-5A270CB8193F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{556741C3-6B18-407D-A36B-2E33091DB2CD}] => (Allow) D:\npsasvr.exe
FirewallRules: [{E36BC25E-DAF0-4A7E-89B8-6EEB3D37F4C7}] => (Allow) D:\npsasvr.exe
FirewallRules: [{4068BB2E-1E2B-4B35-A5F3-830CC0C31A87}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{06CE6F3F-592D-40F3-9352-212C5AF4B359}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{9EA2F439-5C3C-4CC5-A09F-71ABF4F3AB84}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A69E688A-D28D-4D8A-92D0-74756BE0349B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0A5FCF11-E7F2-4F81-9F43-71AF4D6374F6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{9D2AAA30-7887-4F75-B937-F8B714C15C8C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7ECB53BC-7C99-47EC-83B1-9E05FC1B6A23}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{97DB5C82-F495-4902-ACD7-510997B2EE11}] => (Allow) D:\StreamTransport\StreamTransport.exe
FirewallRules: [{716BC0D0-1D25-43E9-A230-8EA33CE2D2A5}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{08418CE3-8F62-44A4-8427-9FEBFFE542FB}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{4DB46D3E-89B2-4A48-97DA-D4B31BB69641}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2B73FA99-F875-4992-9F10-37F78CD7C608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{839203F3-6FB1-4A71-A6D8-55A3530559BE}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{931D8042-D7F8-4BAC-AF66-577D7C07848B}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [{24D79C9B-F04D-4DD1-9AC8-DE551E973D29}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{DB568B39-2853-4E83-86ED-072619304E66}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{9BC2BE4F-CBA0-452C-ADB7-C843FAEC4C4B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{58F6E409-1128-40CF-A0B4-CCF101E13DB9}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{8C338048-DB27-4E2D-AB8A-EF82FE816AD8}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{4A2AAC95-CF70-474E-8F42-93ADB0BBACEA}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{2FF460ED-3A3F-42C9-B13C-C4F4BCFCA5FB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9F962D63-AAB8-4A21-9AB1-AAB1E92CD4DF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{7BD7B874-0A59-4FC8-8A51-FCCBEDB68F2B}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9E5E263C-06E1-47A5-A607-570E8913142E}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{AF1BE002-5DF9-49DB-9145-04F4668498F6}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{F4D10470-C05D-491B-BB38-A505DC6CCC69}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{CB0C0078-85B0-4BF4-BBC0-630D2D2202DC}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{59363F5C-D949-438C-8544-4D249C34DC65}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{C70883A0-C343-41E3-B6BD-7D75865A5D5B}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{7A33FBBA-2C4D-4668-9632-DF6FC4552E40}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70753751-3DB1-40ED-8051-0596499DD5B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{E6DDD641-730A-4647-AD3B-E24C9EBCCB4B}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{182BB2E6-6C64-471C-8223-2505E76A5767}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{230FAD66-FB36-4227-A0C8-BF67D7A62877}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{A2D05491-07CD-4924-8153-BC7A29505700}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{DAAF45B6-8A2F-473C-9BB7-04244E6D50CF}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{5B58AC55-CA8F-452E-B796-F9E7DF687BDB}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{547129D6-5A14-46E5-B11B-3F6E0BB6B0A4}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CD4EAC82-11C2-41B7-86B1-5FC4CF7619D2}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{7A2DA5E6-C4A7-4F59-B65D-AC48A61064E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{187A1EF0-5558-447C-ABEE-625AC07A723B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{1EFB4A3A-6113-464D-9528-6EFA205A6E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADFE4FBE-FA82-47D6-BE12-EBA70E0FEABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4698300-FE10-4715-ABB4-759C70195532}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{565E985C-046A-435D-9649-07DF5E0AAC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{120151B5-E836-42AA-A43F-F12932CF806B}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD028901-4F2F-450B-91FE-A8B8511A3286}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E57FF4CC-B1B1-4B8F-BD57-76A4C85D51E4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{6E64CD84-569D-4E8E-A92A-1C23B704609A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{9493AB36-6106-4E5A-8BDF-7EBAC795628B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BF076DB4-D3A7-4E77-AAF4-3839952B55CE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D876D33F-1264-49BE-9A61-B16E46CAF5E6}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC86322E-CB9C-41A2-9B64-10C49211D7DE}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{80AB14D5-B8B1-404B-B0EF-C5A0771A73C4}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{616A93E8-729A-4587-9737-1CCCC073ED67}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{853CB42B-6954-4CB0-A55F-85113F6167D9}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{79697550-E990-4CB2-B1D3-DDD86435FDD1}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{C987FDDC-F65B-449B-BFF2-4FA740BC63A7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{73F40D76-BDD1-4270-82AD-B45115637DA7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{B3907EE7-BC18-4B43-AFF5-F98C05A393B4}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{5D0EC131-F3A2-441C-879B-65985643F81C}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{2F0557AB-20B4-46A3-B1FA-D078CCA96F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2952665-C19C-4084-AFBA-A48D1D4A9B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0839F3-9AAE-466B-845D-9F77E52F6AC2}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{3B7FB2AB-AAF6-4B4D-83CB-B6CBD1D7C406}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [TCP Query User{333F4A8D-430F-4B7E-ADF2-59365C8CF461}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{EB132654-F851-4A98-8A41-0EB2F2AE92C3}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{D86ACBF1-3A3D-4A4D-84CB-5EB369FC731F}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{23BFFDB7-A160-4F4E-B04B-287A8C85404D}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{A072177C-7188-4EB4-9846-1CD55AD8E934}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{87EFAD7E-30EF-4BB3-BD5F-5856BD2137FB}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{767A0D3E-6CDA-4093-A469-3A663F938684}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{616DC7E5-3F34-4A8B-B0FA-6103B60F28FC}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{29D906A8-E74A-4DA3-ACBC-45028C63EA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC24542D-87FB-4406-A45F-253E11FBC154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99A9A41A-755D-43C9-8C04-46EB23AFF018}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14AADFB8-C9E9-45A1-8A3C-41637D7193A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{867181B9-03AF-45B7-8A7F-766A660EB38E}] => (Allow) D:\itunes (1)\iTunes.exe
FirewallRules: [TCP Query User{445EBC5A-5F72-45F8-9CDE-396279860252}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{48A911E9-B5BC-47ED-B564-05B06D084A4B}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{CA96D09B-8060-4B2D-81B8-E34C4152E478}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{315A886A-E2EB-418F-A831-FA16E3DF8731}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50FC1106-9F83-42E5-8EEB-61B864B36071}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{81B05483-E256-4251-B0F4-B14AC17CA6DB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe

==================== Wiederherstellungspunkte =========================

03-06-2016 11:43:57 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/03/2016 10:27:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/03/2016 10:17:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 09:51:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/02/2016 09:41:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2016 05:14:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.42.16.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7d0

Startzeit: 01d1bcca1f38bce6

Endzeit: 27

Anwendungspfad: D:\steam\Steam.exe

Berichts-ID: a546ba08-28d4-11e6-b68b-00059a3c7a00

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 11:25:58 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.


Systemfehler:
=============
Error: (06/03/2016 10:17:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/03/2016 10:16:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 09:41:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/02/2016 09:38:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 08:41:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 01:17:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 11:15:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/02/2016 11:14:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/01/2016 01:09:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/01/2016 11:32:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8130.21 MB
Verfügbarer physikalischer RAM: 4700.46 MB
Summe virtueller Speicher: 8930.34 MB
Verfügbarer virtueller Speicher: 5280.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.08 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:39.64 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1FE31042)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Malwarebytes Anti-Malware

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.06.2016
Suchlaufzeit: 11:19
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.03.01
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337625
Abgelaufene Zeit: 10 Min., 14 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 96
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [7419ef097c1de94d0445038be61d47b9], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0885f503e4b5c076e16a1b7302019b65], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [632a2fc9aeebb97dd772ef9fca39e11f], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [b6d79563f5a413239caf2d6138cbcf31], 
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [46471cdc1683e0563386217bba492ad6], 
PUP.Optional.InstallCore, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\InstallCore, , [d2bb1fd9841551e564bce1b1d52e5ca4], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [a1ec758332671422d96dd1bdb54e946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [abe28573a0f9ce68c1863f4fcb38966a], 
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}, , [c4c9aa4ea4f59b9b329acdd6927150b0], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0c81c0389bfe43f359eecdc1de252ed2], 

Registrierungswerte: 30
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, , [1c714cac6633d561343ba2da3fc37f81]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [17767c7c7f1ac76f313ebfbd986aed13], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [0885f503e4b5c076e16a1b7302019b65]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [b6d732c66c2d251119323d514ab943bd]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [45487781c6d3f04643089df1c93a6997]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [6d208573693096a053f8c4ca62a1ee12]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [94f9c5330c8d3ff77fcc1c721ae9a55b]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [2e5f46b2a0f9b185a7a4d4ba6f94cc34]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [fd90c533bddcb97d0d3edfaf857e0cf4]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [b6d79563f5a413239caf2d6138cbcf31]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [008d1fd925743ff777d4018d46bdb24e]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [187528d0fe9b49edba910c82d231946c]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [2766ec0c6d2c3df90a414846798a20e0]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [fc917e7a03962e0860eb3658a3600ff1]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [1c71c038e4b5f640a1aac3cb05fee818]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [8607c0384851211545065f2f20e3c43c]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [abe28573a0f9ce68c1863f4fcb38966a]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [335a1ddb8019f73fb88f4d41a261aa56]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [385536c29009e353ef5835595ea5cc34]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1c718078ddbcfe3865e2137b808352ae]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [f89515e31f7a330379ce1876dd269d63]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [1a730aee1881b4820047f39be221f30d]
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}|OSDFileURL, file:///C:/Users/*****/AppData/Local/TNT2/Profiles/10557/yah10557.xml, , [c4c9aa4ea4f59b9b329acdd6927150b0]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [0c81c0389bfe43f359eecdc1de252ed2]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [6825e0181782b87e88bfb4dab94a2dd3]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1677c434910843f3b5926a24a16213ed]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [7d100deb1c7dd95d2b1c820c17ec926e]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [8c0124d44c4d93a3d374bad4ae558d73]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [67263bbdd3c6e74fcf78a7e717ecb050]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [8b022ecabddca096a2a5cdc144bf837d]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

AdwCleaner

Code:
# AdwCleaner v5.119 - Bericht erstellt am 03/06/2016 um 14:02:03
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-05-30.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : ***** - *****PC
# Gestartet von : D:\AdwCleaner_5.119.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

Ordner gefunden : C:\ProgramData\9768c88e73e60ecb
Ordner gefunden : C:\ProgramData\Application Data\9768c88e73e60ecb
Ordner gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner gefunden : C:\Program Files (x86)\Common Files\Tobit
Ordner gefunden : C:\Users\*****\AppData\Roaming\GrabPro
Ordner gefunden : C:\Users\*****\AppData\Roaming\ProgSense
Ordner gefunden : C:\Users\*****\AppData\Local\CrashRpt

***** [ Dateien ] *****

Datei gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\invalidprefs.js

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\f
Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Wert gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Schlüssel gefunden : HKCU\Software\APN PIP
Schlüssel gefunden : HKCU\Software\Conduit
Schlüssel gefunden : HKCU\Software\InstallCore
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKCU\Software\ProgSense
Schlüssel gefunden : HKCU\Software\UpToDown
Schlüssel gefunden : HKCU\Software\Yahoo\Companion
Schlüssel gefunden : HKCU\Software\Yahoo\YFriendsBar
Schlüssel gefunden : HKCU\Software\delta
Schlüssel gefunden : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Schlüssel gefunden : HKLM\SOFTWARE\Yahoo\Companion
Schlüssel gefunden : HKLM\SOFTWARE\systweak
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\APN PIP
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Conduit
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\InstallCore
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\ProgSense
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\UpToDown
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\Companion
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\YFriendsBar
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\delta
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\AppDataLow\Software\Yahoo\Companion
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Daten gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd

***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [10784 Bytes] - [03/06/2016 14:00:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [10688 Bytes] - [03/06/2016 14:02:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10762 Bytes] ##########
         

Edited by Deuterium (03.06.2016 at 15:15)

04.06.2016, 17:18   #2
deeprybka
/// TB trainer
/// Guide guru
 
My name is Jürgen and I will be helping you with your problem. Together we will get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my clean.


Let's go:

Step 1
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

04.06.2016, 18:00   #3
Deuterium
 

Hello Jürgen,

here is the log file from TDSSKiller


Code:
18:46:19.0643 0x27bc  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:46:22.0774 0x27bc  ============================================================
18:46:22.0774 0x27bc  Current date / time: 2016/06/04 18:46:22.0774
18:46:22.0774 0x27bc  SystemInfo:
18:46:22.0774 0x27bc  
18:46:22.0774 0x27bc  OS Version: 6.1.7601 ServicePack: 1.0
18:46:22.0774 0x27bc  Product type: Workstation
18:46:22.0774 0x27bc  ComputerName: KIWIPC
18:46:22.0774 0x27bc  UserName: Kiwi
18:46:22.0774 0x27bc  Windows directory: C:\Windows
18:46:22.0774 0x27bc  System windows directory: C:\Windows
18:46:22.0774 0x27bc  Running under WOW64
18:46:22.0774 0x27bc  Processor architecture: Intel x64
18:46:22.0774 0x27bc  Number of processors: 4
18:46:22.0774 0x27bc  Page size: 0x1000
18:46:22.0774 0x27bc  Boot type: Normal boot
18:46:22.0774 0x27bc  ============================================================
18:46:23.0918 0x27bc  KLMD registered as C:\Windows\system32\drivers\07256082.sys
18:46:24.0294 0x27bc  System UUID: {19F6A90A-D270-EDA4-C874-0D5EEE50AE3E}
18:46:24.0695 0x27bc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:24.0710 0x27bc  ============================================================
18:46:24.0710 0x27bc  \Device\Harddisk0\DR0:
18:46:24.0711 0x27bc  MBR partitions:
18:46:24.0711 0x27bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:24.0711 0x27bc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6401000
18:46:24.0711 0x27bc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6433800, BlocksNum 0x33F52000
18:46:24.0711 0x27bc  ============================================================
18:46:24.0749 0x27bc  C: <-> \Device\Harddisk0\DR0\Partition2
18:46:24.0827 0x27bc  D: <-> \Device\Harddisk0\DR0\Partition3
18:46:24.0828 0x27bc  ============================================================
18:46:24.0828 0x27bc  Initialize success
18:46:24.0828 0x27bc  ============================================================
18:48:04.0171 0x2e80  ============================================================
18:48:04.0171 0x2e80  Scan started
18:48:04.0171 0x2e80  Mode: Manual; SigCheck; TDLFS; 
18:48:04.0171 0x2e80  ============================================================
18:48:04.0171 0x2e80  KSN ping started
18:48:06.0556 0x2e80  KSN ping finished: true
18:48:07.0159 0x2e80  ================ Scan system memory ========================
18:48:07.0159 0x2e80  System memory - ok
18:48:07.0159 0x2e80  ================ Scan services =============================
18:48:07.0319 0x2e80  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:48:07.0393 0x2e80  1394ohci - ok
18:48:07.0418 0x2e80  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:48:07.0442 0x2e80  ACPI - ok
18:48:07.0445 0x2e80  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:48:07.0470 0x2e80  AcpiPmi - ok
18:48:07.0559 0x2e80  [ AAA8E68E685DB1B68747E3DF68F96368, 1A5BE239B2D0C6F727303A98CFFC91070B6A05ECD6B9CD05AB326AC1910ECEBF ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
18:48:07.0594 0x2e80  acsock - ok
18:48:07.0733 0x2e80  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:07.0751 0x2e80  AdobeARMservice - ok
18:48:07.0789 0x2e80  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:48:07.0828 0x2e80  adp94xx - ok
18:48:07.0876 0x2e80  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:48:07.0908 0x2e80  adpahci - ok
18:48:07.0914 0x2e80  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:48:07.0934 0x2e80  adpu320 - ok
18:48:07.0958 0x2e80  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:48:08.0054 0x2e80  AeLookupSvc - ok
18:48:08.0107 0x2e80  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:48:08.0158 0x2e80  AFD - ok
18:48:08.0176 0x2e80  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:48:08.0192 0x2e80  agp440 - ok
18:48:08.0212 0x2e80  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:48:08.0241 0x2e80  ALG - ok
18:48:08.0269 0x2e80  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:48:08.0284 0x2e80  aliide - ok
18:48:08.0362 0x2e80  [ 606C8F129FE18D6E3EA2FD542D43D72D, 1BDB9B1C3C8345429FFF25189DCA16F4174F29B5C5DFD5AEB5C277CD4E6EBCA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:48:08.0431 0x2e80  AMD External Events Utility - ok
18:48:08.0460 0x2e80  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:48:08.0487 0x2e80  amdide - ok
18:48:08.0506 0x2e80  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:48:08.0551 0x2e80  AmdK8 - ok
18:48:08.0554 0x2e80  amdkmdag - ok
18:48:08.0602 0x2e80  [ C0C27A1094F6EA978FB2CAACFDE0E594, 9B481D55ED3D55A975CB1EB32DD0DB9AD032D592585A5799F81918EFB7843AAE ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:48:08.0651 0x2e80  amdkmdap - ok
18:48:08.0654 0x2e80  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:48:08.0680 0x2e80  AmdPPM - ok
18:48:08.0707 0x2e80  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:48:08.0724 0x2e80  amdsata - ok
18:48:08.0745 0x2e80  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:48:08.0765 0x2e80  amdsbs - ok
18:48:08.0777 0x2e80  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:48:08.0791 0x2e80  amdxata - ok
18:48:08.0815 0x2e80  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:48:08.0852 0x2e80  AppID - ok
18:48:08.0875 0x2e80  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:48:08.0901 0x2e80  AppIDSvc - ok
18:48:08.0934 0x2e80  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:48:08.0952 0x2e80  Appinfo - ok
18:48:09.0050 0x2e80  [ 3B3774C868868257533EC7E715BB6D53, 4AF1DADCEDBD80BE6EDEC696DF59E65B51D31E33F4C84413CA03C7BD959FF4E5 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:48:09.0069 0x2e80  Apple Mobile Device Service - ok
18:48:09.0112 0x2e80  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:48:09.0149 0x2e80  AppMgmt - ok
18:48:09.0158 0x2e80  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:48:09.0178 0x2e80  arc - ok
18:48:09.0197 0x2e80  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:48:09.0218 0x2e80  arcsas - ok
18:48:09.0416 0x2e80  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:48:09.0437 0x2e80  aspnet_state - ok
18:48:09.0528 0x2e80  [ 7E66DFE6B62C6C34FD6B09DB6169E9F6, BCE908BBF35FD9471018BFC9DCE357529F558693692FF51DA868024F7FD0E868 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
18:48:09.0558 0x2e80  aswHwid - ok
18:48:09.0599 0x2e80  [ AECE9E699CAC76DC993BB988652B5AD8, 76DB04A9CA1D2EED9EB50F9D23197B02E9D42D96BF1C239C9EE5FA9CCA36F85A ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
18:48:09.0623 0x2e80  aswKbd - ok
18:48:09.0666 0x2e80  [ 1459AAD5C6A66A458C2D57EE6E080FA5, 6A3D6EBCE1EDCFE307DF915CB0C3183668848BCEAA71EA58AB0F4F650F8EABDA ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:48:09.0683 0x2e80  aswMonFlt - ok
18:48:09.0730 0x2e80  [ 0866D5FE02D614501B7B4AD5E1BC7B53, C34B4AF64DA9592EADC070C7A384070D564DCE3412337F671932A4818D8E12E8 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:48:09.0747 0x2e80  aswRdr - ok
18:48:09.0806 0x2e80  [ 0AA12ADF5F87B4A70BDBAED77F54B978, 2C33F656EC2E51493A40FF32A5C934E209CF1475A8B0F3573396E97F8A10A76A ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:48:09.0834 0x2e80  aswRvrt - ok
18:48:09.0917 0x2e80  [ 719B704109B933D819093CDDB156A7F1, 3FF75BFA8BBE5C4A817C8166BAD73B1E3C5609D6A1F0AE85B166E30DE61EB901 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:48:09.0962 0x2e80  aswSnx - ok
18:48:10.0061 0x2e80  [ 43F46E7D103F46EC345B1056BDD2A60B, 6F8D844F3EBFDC56A319758C88B2C87FBDE185E5B1E08F8627F29158F190DBFF ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:48:10.0104 0x2e80  aswSP - ok
18:48:10.0143 0x2e80  [ 219D0E2348629FAE4E6E3478C21B23D6, 3545F59A966F31CE949596629217FD4D7119162411073D4D811575620728AC68 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:48:10.0155 0x2e80  aswStm - ok
18:48:10.0220 0x2e80  [ 9949BBD5BB70C4D317B7549896132579, DD92AAD8530C04365C24BD540C909FBDCFC92B18CB6ABB0E655F360EBC4DCD1E ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:48:10.0256 0x2e80  aswVmm - ok
18:48:10.0272 0x2e80  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:10.0314 0x2e80  AsyncMac - ok
18:48:10.0342 0x2e80  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:48:10.0356 0x2e80  atapi - ok
18:48:10.0392 0x2e80  [ F270AFC3848C54C67E3BFB892CE9B9C6, BF5F087D2677E8D75DB34335B54496A3C3AFBCE5A019C52B9EB2B1D19A0803B1 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:48:10.0433 0x2e80  AtiHDAudioService - ok
18:48:10.0468 0x2e80  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:48:10.0523 0x2e80  AudioEndpointBuilder - ok
18:48:10.0537 0x2e80  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:48:10.0575 0x2e80  AudioSrv - ok
18:48:10.0662 0x2e80  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:48:10.0688 0x2e80  avast! Antivirus - ok
18:48:10.0707 0x2e80  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:48:10.0755 0x2e80  AxInstSV - ok
18:48:10.0779 0x2e80  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:48:10.0825 0x2e80  b06bdrv - ok
18:48:10.0846 0x2e80  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:48:10.0888 0x2e80  b57nd60a - ok
18:48:10.0940 0x2e80  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:48:10.0969 0x2e80  BDESVC - ok
18:48:10.0980 0x2e80  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:48:11.0013 0x2e80  Beep - ok
18:48:11.0093 0x2e80  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:48:11.0166 0x2e80  BFE - ok
18:48:11.0207 0x2e80  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:48:11.0274 0x2e80  BITS - ok
18:48:11.0300 0x2e80  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:48:11.0322 0x2e80  blbdrive - ok
18:48:11.0420 0x2e80  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:48:11.0439 0x2e80  Bonjour Service - ok
18:48:11.0471 0x2e80  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:48:11.0511 0x2e80  bowser - ok
18:48:11.0526 0x2e80  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:48:11.0553 0x2e80  BrFiltLo - ok
18:48:11.0566 0x2e80  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:48:11.0585 0x2e80  BrFiltUp - ok
18:48:11.0625 0x2e80  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:48:11.0643 0x2e80  Browser - ok
18:48:11.0655 0x2e80  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:48:11.0694 0x2e80  Brserid - ok
18:48:11.0704 0x2e80  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:48:11.0728 0x2e80  BrSerWdm - ok
18:48:11.0734 0x2e80  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:48:11.0757 0x2e80  BrUsbMdm - ok
18:48:11.0759 0x2e80  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:48:11.0782 0x2e80  BrUsbSer - ok
18:48:11.0794 0x2e80  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:48:11.0818 0x2e80  BTHMODEM - ok
18:48:11.0850 0x2e80  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:48:11.0878 0x2e80  bthserv - ok
18:48:11.0891 0x2e80  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:48:11.0936 0x2e80  cdfs - ok
18:48:11.0952 0x2e80  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:48:11.0973 0x2e80  cdrom - ok
18:48:12.0017 0x2e80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:48:12.0060 0x2e80  CertPropSvc - ok
18:48:12.0070 0x2e80  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:48:12.0092 0x2e80  circlass - ok
18:48:12.0122 0x2e80  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
18:48:12.0150 0x2e80  CLFS - ok
18:48:12.0201 0x2e80  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:12.0218 0x2e80  clr_optimization_v2.0.50727_32 - ok
18:48:12.0230 0x2e80  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:48:12.0240 0x2e80  clr_optimization_v2.0.50727_64 - ok
18:48:12.0337 0x2e80  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:48:12.0358 0x2e80  clr_optimization_v4.0.30319_32 - ok
18:48:12.0395 0x2e80  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:48:12.0415 0x2e80  clr_optimization_v4.0.30319_64 - ok
18:48:12.0437 0x2e80  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:48:12.0476 0x2e80  CmBatt - ok
18:48:12.0497 0x2e80  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:48:12.0524 0x2e80  cmdide - ok
18:48:12.0579 0x2e80  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:48:12.0617 0x2e80  CNG - ok
18:48:12.0631 0x2e80  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:48:12.0646 0x2e80  Compbatt - ok
18:48:12.0665 0x2e80  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:48:12.0707 0x2e80  CompositeBus - ok
18:48:12.0718 0x2e80  COMSysApp - ok
18:48:12.0730 0x2e80  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:48:12.0753 0x2e80  crcdisk - ok
18:48:12.0783 0x2e80  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:48:12.0823 0x2e80  CryptSvc - ok
18:48:12.0857 0x2e80  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
18:48:12.0906 0x2e80  CSC - ok
18:48:12.0931 0x2e80  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
18:48:12.0968 0x2e80  CscService - ok
18:48:13.0081 0x2e80  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:48:13.0111 0x2e80  cvhsvc - ok
18:48:13.0153 0x2e80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:48:13.0197 0x2e80  DcomLaunch - ok
18:48:13.0216 0x2e80  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:48:13.0258 0x2e80  defragsvc - ok
18:48:13.0277 0x2e80  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:48:13.0319 0x2e80  DfsC - ok
18:48:13.0342 0x2e80  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:48:13.0378 0x2e80  Dhcp - ok
18:48:13.0404 0x2e80  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:48:13.0444 0x2e80  discache - ok
18:48:13.0464 0x2e80  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:48:13.0480 0x2e80  Disk - ok
18:48:13.0503 0x2e80  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:48:13.0538 0x2e80  dmvsc - ok
18:48:13.0571 0x2e80  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:48:13.0606 0x2e80  Dnscache - ok
18:48:13.0628 0x2e80  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:48:13.0667 0x2e80  dot3svc - ok
18:48:13.0685 0x2e80  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:48:13.0725 0x2e80  DPS - ok
18:48:13.0757 0x2e80  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:48:13.0806 0x2e80  drmkaud - ok
18:48:13.0862 0x2e80  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:48:13.0907 0x2e80  DXGKrnl - ok
18:48:13.0916 0x2e80  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:48:13.0956 0x2e80  EapHost - ok
18:48:14.0059 0x2e80  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:48:14.0193 0x2e80  ebdrv - ok
18:48:14.0231 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
18:48:14.0264 0x2e80  EFS - ok
18:48:14.0323 0x2e80  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:48:14.0366 0x2e80  ehRecvr - ok
18:48:14.0384 0x2e80  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:48:14.0403 0x2e80  ehSched - ok
18:48:14.0441 0x2e80  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:48:14.0471 0x2e80  elxstor - ok
18:48:14.0477 0x2e80  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:48:14.0504 0x2e80  ErrDev - ok
18:48:14.0527 0x2e80  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:48:14.0571 0x2e80  EventSystem - ok
18:48:14.0602 0x2e80  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:48:14.0641 0x2e80  exfat - ok
18:48:14.0660 0x2e80  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:48:14.0703 0x2e80  fastfat - ok
18:48:14.0732 0x2e80  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:48:14.0769 0x2e80  Fax - ok
18:48:14.0778 0x2e80  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:48:14.0805 0x2e80  fdc - ok
18:48:14.0815 0x2e80  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:48:14.0842 0x2e80  fdPHost - ok
18:48:14.0854 0x2e80  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:48:14.0880 0x2e80  FDResPub - ok
18:48:14.0913 0x2e80  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:48:14.0929 0x2e80  FileInfo - ok
18:48:14.0936 0x2e80  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:48:14.0979 0x2e80  Filetrace - ok
18:48:14.0990 0x2e80  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:48:15.0007 0x2e80  flpydisk - ok
18:48:15.0020 0x2e80  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:48:15.0042 0x2e80  FltMgr - ok
18:48:15.0113 0x2e80  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:48:15.0178 0x2e80  FontCache - ok
18:48:15.0228 0x2e80  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:48:15.0236 0x2e80  FontCache3.0.0.0 - ok
18:48:15.0257 0x2e80  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:48:15.0273 0x2e80  FsDepends - ok
18:48:15.0311 0x2e80  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:48:15.0325 0x2e80  Fs_Rec - ok
18:48:15.0357 0x2e80  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:48:15.0380 0x2e80  fvevol - ok
18:48:15.0403 0x2e80  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:48:15.0420 0x2e80  gagp30kx - ok
18:48:15.0454 0x2e80  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:48:15.0468 0x2e80  GEARAspiWDM - ok
18:48:15.0510 0x2e80  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:48:15.0553 0x2e80  gpsvc - ok
18:48:15.0571 0x2e80  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:48:15.0600 0x2e80  hcw85cir - ok
18:48:15.0621 0x2e80  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:48:15.0661 0x2e80  HdAudAddService - ok
18:48:15.0689 0x2e80  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:48:15.0723 0x2e80  HDAudBus - ok
18:48:15.0728 0x2e80  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:48:15.0754 0x2e80  HidBatt - ok
18:48:15.0765 0x2e80  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:48:15.0786 0x2e80  HidBth - ok
18:48:15.0793 0x2e80  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:48:15.0812 0x2e80  HidIr - ok
18:48:15.0834 0x2e80  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:48:15.0862 0x2e80  hidserv - ok
18:48:15.0894 0x2e80  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:48:15.0933 0x2e80  HidUsb - ok
18:48:15.0949 0x2e80  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:48:15.0992 0x2e80  hkmsvc - ok
18:48:16.0008 0x2e80  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:48:16.0036 0x2e80  HomeGroupListener - ok
18:48:16.0056 0x2e80  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:48:16.0079 0x2e80  HomeGroupProvider - ok
18:48:16.0107 0x2e80  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:48:16.0124 0x2e80  HpSAMD - ok
18:48:16.0154 0x2e80  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:48:16.0217 0x2e80  HTTP - ok
18:48:16.0227 0x2e80  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:48:16.0241 0x2e80  hwpolicy - ok
18:48:16.0295 0x2e80  [ 4B7423FCC37664954460AC3E71752B62, D334D1C72691C1BF24A4D8133F61AD51B058A080F4501F05F12C673DCFE081F9 ] hxctlflt        C:\Windows\system32\DRIVERS\hxctlflt.sys
18:48:16.0321 0x2e80  hxctlflt - detected UnsignedFile.Multi.Generic ( 1 )
18:48:18.0668 0x2e80  Detect skipped due to KSN trusted
18:48:18.0668 0x2e80  hxctlflt - ok
18:48:18.0695 0x2e80  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:48:18.0721 0x2e80  i8042prt - ok
18:48:18.0745 0x2e80  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:48:18.0775 0x2e80  iaStorV - ok
18:48:18.0829 0x2e80  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:48:18.0855 0x2e80  idsvc - ok
18:48:18.0874 0x2e80  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:48:18.0890 0x2e80  iirsp - ok
18:48:18.0943 0x2e80  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:48:18.0989 0x2e80  IKEEXT - ok
18:48:19.0378 0x2e80  [ 059DDDEDBE5701DC3B779D32798108AC, 4735C52D5F7A7AC07985835C17955C96418BB3C3316264CF6A44F6150E10755B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:48:19.0505 0x2e80  IntcAzAudAddService - ok
18:48:19.0545 0x2e80  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:48:19.0563 0x2e80  Intel(R) Capability Licensing Service Interface - ok
18:48:19.0612 0x2e80  [ 16DF912A1C88B7AE46E907661F31AA77, 60E2B8592560E14649F91E96F1CDBFF5870DDD20D8CF595DB9D6D0AB6C316CF0 ] Intel(R) Small Business Advantage C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
18:48:19.0620 0x2e80  Intel(R) Small Business Advantage - ok
18:48:19.0645 0x2e80  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:48:19.0660 0x2e80  intelide - ok
18:48:19.0679 0x2e80  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:48:19.0703 0x2e80  intelppm - ok
18:48:19.0728 0x2e80  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:48:19.0764 0x2e80  IPBusEnum - ok
18:48:19.0778 0x2e80  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:19.0811 0x2e80  IpFilterDriver - ok
18:48:19.0870 0x2e80  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:48:19.0919 0x2e80  iphlpsvc - ok
18:48:19.0943 0x2e80  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:48:19.0970 0x2e80  IPMIDRV - ok
18:48:19.0978 0x2e80  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:48:20.0022 0x2e80  IPNAT - ok
18:48:20.0078 0x2e80  [ F96B9EDC032E61EB87652896E92ED526, F9E3CD2FA2D963C56034A4F606869467FDC6647B916CF457249270E6C337A8A5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:48:20.0101 0x2e80  iPod Service - ok
18:48:20.0121 0x2e80  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:48:20.0151 0x2e80  IRENUM - ok
18:48:20.0155 0x2e80  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:48:20.0171 0x2e80  isapnp - ok
18:48:20.0191 0x2e80  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:48:20.0214 0x2e80  iScsiPrt - ok
18:48:20.0232 0x2e80  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:48:20.0245 0x2e80  iusb3hcs - ok
18:48:20.0260 0x2e80  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
18:48:20.0283 0x2e80  iusb3hub - ok
18:48:20.0312 0x2e80  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:48:20.0347 0x2e80  iusb3xhc - ok
18:48:20.0385 0x2e80  [ 0043D9FB61C35F90886B1E93DD556FAF, B17B993928281252A75997939F2E45E98E7FB9D22941CC76E332AFF8706EDEC9 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:48:20.0395 0x2e80  jhi_service - ok
18:48:20.0425 0x2e80  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:48:20.0440 0x2e80  kbdclass - ok
18:48:20.0463 0x2e80  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:48:20.0487 0x2e80  kbdhid - ok
18:48:20.0499 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
18:48:20.0510 0x2e80  KeyIso - ok
18:48:20.0537 0x2e80  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:48:20.0568 0x2e80  KSecDD - ok
18:48:20.0583 0x2e80  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:48:20.0606 0x2e80  KSecPkg - ok
18:48:20.0619 0x2e80  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:48:20.0663 0x2e80  ksthunk - ok
18:48:20.0692 0x2e80  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:48:20.0735 0x2e80  KtmRm - ok
18:48:20.0764 0x2e80  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:48:20.0802 0x2e80  LanmanServer - ok
18:48:20.0822 0x2e80  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:48:20.0857 0x2e80  LanmanWorkstation - ok
18:48:20.0877 0x2e80  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:48:20.0915 0x2e80  lltdio - ok
18:48:20.0947 0x2e80  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:48:20.0990 0x2e80  lltdsvc - ok
18:48:21.0012 0x2e80  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:48:21.0046 0x2e80  lmhosts - ok
18:48:21.0070 0x2e80  [ 2FB262276D1C689C6886B1C0710342FA, 99129F79FB17B7224CF7C8324A12D464D2611BF6B4467A3697B8E3AFE8A95052 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:48:21.0082 0x2e80  LMS - ok
18:48:21.0111 0x2e80  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:48:21.0128 0x2e80  LSI_FC - ok
18:48:21.0142 0x2e80  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:48:21.0160 0x2e80  LSI_SAS - ok
18:48:21.0172 0x2e80  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:48:21.0189 0x2e80  LSI_SAS2 - ok
18:48:21.0206 0x2e80  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:48:21.0224 0x2e80  LSI_SCSI - ok
18:48:21.0239 0x2e80  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:48:21.0280 0x2e80  luafv - ok
18:48:21.0302 0x2e80  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:48:21.0323 0x2e80  Mcx2Svc - ok
18:48:21.0334 0x2e80  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:48:21.0349 0x2e80  megasas - ok
18:48:21.0367 0x2e80  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:48:21.0389 0x2e80  MegaSR - ok
18:48:21.0414 0x2e80  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:48:21.0429 0x2e80  MEIx64 - ok
18:48:21.0448 0x2e80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:48:21.0487 0x2e80  MMCSS - ok
18:48:21.0498 0x2e80  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:48:21.0535 0x2e80  Modem - ok
18:48:21.0549 0x2e80  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:48:21.0580 0x2e80  monitor - ok
18:48:21.0604 0x2e80  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
18:48:21.0634 0x2e80  MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 )
18:48:23.0963 0x2e80  Detect skipped due to KSN trusted
18:48:23.0963 0x2e80  MotioninJoyXFilter - ok
18:48:23.0986 0x2e80  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:48:24.0001 0x2e80  mouclass - ok
18:48:24.0015 0x2e80  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:48:24.0039 0x2e80  mouhid - ok
18:48:24.0059 0x2e80  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:48:24.0077 0x2e80  mountmgr - ok
18:48:24.0093 0x2e80  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:48:24.0112 0x2e80  mpio - ok
18:48:24.0123 0x2e80  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:48:24.0158 0x2e80  mpsdrv - ok
18:48:24.0193 0x2e80  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:48:24.0237 0x2e80  MpsSvc - ok
18:48:24.0263 0x2e80  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:48:24.0305 0x2e80  MRxDAV - ok
18:48:24.0330 0x2e80  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:48:24.0365 0x2e80  mrxsmb - ok
18:48:24.0381 0x2e80  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:48:24.0407 0x2e80  mrxsmb10 - ok
18:48:24.0453 0x2e80  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:48:24.0473 0x2e80  mrxsmb20 - ok
18:48:24.0508 0x2e80  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:48:24.0524 0x2e80  msahci - ok
18:48:24.0542 0x2e80  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:48:24.0562 0x2e80  msdsm - ok
18:48:24.0572 0x2e80  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:48:24.0596 0x2e80  MSDTC - ok
18:48:24.0609 0x2e80  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:48:24.0650 0x2e80  Msfs - ok
18:48:24.0665 0x2e80  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:48:24.0710 0x2e80  mshidkmdf - ok
18:48:24.0718 0x2e80  MSICDSetup - ok
18:48:24.0727 0x2e80  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:48:24.0742 0x2e80  msisadrv - ok
18:48:24.0765 0x2e80  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:48:24.0801 0x2e80  MSiSCSI - ok
18:48:24.0803 0x2e80  msiserver - ok
18:48:24.0820 0x2e80  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:48:24.0863 0x2e80  MSKSSRV - ok
18:48:24.0865 0x2e80  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:48:24.0908 0x2e80  MSPCLOCK - ok
18:48:24.0919 0x2e80  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:48:24.0955 0x2e80  MSPQM - ok
18:48:24.0970 0x2e80  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:48:24.0994 0x2e80  MsRPC - ok
18:48:25.0006 0x2e80  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:48:25.0022 0x2e80  mssmbios - ok
18:48:25.0035 0x2e80  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:48:25.0078 0x2e80  MSTEE - ok
18:48:25.0087 0x2e80  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:48:25.0105 0x2e80  MTConfig - ok
18:48:25.0121 0x2e80  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:48:25.0137 0x2e80  Mup - ok
18:48:25.0162 0x2e80  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:48:25.0207 0x2e80  napagent - ok
18:48:25.0230 0x2e80  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:48:25.0264 0x2e80  NativeWifiP - ok
18:48:25.0320 0x2e80  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:48:25.0362 0x2e80  NDIS - ok
18:48:25.0372 0x2e80  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:48:25.0405 0x2e80  NdisCap - ok
18:48:25.0421 0x2e80  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:48:25.0454 0x2e80  NdisTapi - ok
18:48:25.0467 0x2e80  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:48:25.0503 0x2e80  Ndisuio - ok
18:48:25.0521 0x2e80  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:48:25.0563 0x2e80  NdisWan - ok
18:48:25.0573 0x2e80  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:48:25.0610 0x2e80  NDProxy - ok
18:48:25.0628 0x2e80  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:48:25.0668 0x2e80  NetBIOS - ok
18:48:25.0699 0x2e80  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:48:25.0739 0x2e80  NetBT - ok
18:48:25.0752 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
18:48:25.0762 0x2e80  Netlogon - ok
18:48:25.0790 0x2e80  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:48:25.0826 0x2e80  Netman - ok
18:48:25.0885 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:25.0898 0x2e80  NetMsmqActivator - ok
18:48:25.0903 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:25.0915 0x2e80  NetPipeActivator - ok
18:48:25.0942 0x2e80  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:48:25.0989 0x2e80  netprofm - ok
18:48:25.0994 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:26.0006 0x2e80  NetTcpActivator - ok
18:48:26.0010 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:26.0021 0x2e80  NetTcpPortSharing - ok
18:48:26.0042 0x2e80  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:48:26.0057 0x2e80  nfrd960 - ok
18:48:26.0092 0x2e80  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:48:26.0120 0x2e80  NlaSvc - ok
18:48:26.0131 0x2e80  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:48:26.0164 0x2e80  Npfs - ok
18:48:26.0184 0x2e80  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:48:26.0212 0x2e80  nsi - ok
18:48:26.0224 0x2e80  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:48:26.0267 0x2e80  nsiproxy - ok
18:48:26.0324 0x2e80  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:48:26.0400 0x2e80  Ntfs - ok
18:48:26.0402 0x2e80  NTIOLib_1_0_C - ok
18:48:26.0413 0x2e80  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:48:26.0451 0x2e80  Null - ok
18:48:26.0472 0x2e80  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:48:26.0491 0x2e80  nvraid - ok
18:48:26.0501 0x2e80  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:48:26.0520 0x2e80  nvstor - ok
18:48:26.0539 0x2e80  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:48:26.0557 0x2e80  nv_agp - ok
18:48:26.0569 0x2e80  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:48:26.0600 0x2e80  ohci1394 - ok
18:48:26.0701 0x2e80  [ 7D006FC340B301A1DEAFB5878C078A12, 245A4647DEB2CD5D0C3FF07B45D50D6EE039733000C7F7FEC0A1B58162594B9D ] Origin Client Service D:\Origin\OriginClientService.exe
18:48:26.0766 0x2e80  Origin Client Service - ok
18:48:26.0822 0x2e80  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:48:26.0832 0x2e80  ose - ok
18:48:26.0980 0x2e80  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:48:27.0127 0x2e80  osppsvc - ok
18:48:27.0155 0x2e80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:48:27.0196 0x2e80  p2pimsvc - ok
18:48:27.0213 0x2e80  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:48:27.0234 0x2e80  p2psvc - ok
18:48:27.0284 0x2e80  [ B87EFC9994F53124622FA2A0CAA6D828, A0F761A6BE9B44CE0E87B270DC2745C092226B1431B6C360FCFF9D299E0E6B63 ] PAC7302         C:\Windows\system32\DRIVERS\PAC7302.SYS
18:48:27.0312 0x2e80  PAC7302 - detected UnsignedFile.Multi.Generic ( 1 )
18:48:29.0642 0x2e80  Detect skipped due to KSN trusted
18:48:29.0642 0x2e80  PAC7302 - ok
18:48:29.0670 0x2e80  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:48:29.0697 0x2e80  Parport - ok
18:48:29.0731 0x2e80  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:48:29.0748 0x2e80  partmgr - ok
18:48:29.0771 0x2e80  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:48:29.0803 0x2e80  PcaSvc - ok
18:48:29.0828 0x2e80  pccsmcfd - ok
18:48:29.0845 0x2e80  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:48:29.0867 0x2e80  pci - ok
18:48:29.0895 0x2e80  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:48:29.0911 0x2e80  pciide - ok
18:48:29.0930 0x2e80  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:48:29.0953 0x2e80  pcmcia - ok
18:48:29.0965 0x2e80  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:48:29.0983 0x2e80  pcw - ok
18:48:30.0006 0x2e80  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:48:30.0062 0x2e80  PEAUTH - ok
18:48:30.0110 0x2e80  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:48:30.0185 0x2e80  PeerDistSvc - ok
18:48:30.0236 0x2e80  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:48:30.0260 0x2e80  PerfHost - ok
18:48:30.0311 0x2e80  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:48:30.0394 0x2e80  pla - ok
18:48:30.0428 0x2e80  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:48:30.0467 0x2e80  PlugPlay - ok
18:48:30.0475 0x2e80  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:48:30.0496 0x2e80  PNRPAutoReg - ok
18:48:30.0511 0x2e80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:48:30.0529 0x2e80  PNRPsvc - ok
18:48:30.0559 0x2e80  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:48:30.0604 0x2e80  PolicyAgent - ok
18:48:30.0631 0x2e80  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:48:30.0669 0x2e80  Power - ok
18:48:30.0695 0x2e80  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:48:30.0736 0x2e80  PptpMiniport - ok
18:48:30.0752 0x2e80  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:48:30.0782 0x2e80  Processor - ok
18:48:30.0813 0x2e80  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:48:30.0846 0x2e80  ProfSvc - ok
18:48:30.0855 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:48:30.0868 0x2e80  ProtectedStorage - ok
18:48:30.0879 0x2e80  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:48:30.0927 0x2e80  Psched - ok
18:48:30.0982 0x2e80  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:48:31.0058 0x2e80  ql2300 - ok
18:48:31.0069 0x2e80  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:48:31.0090 0x2e80  ql40xx - ok
18:48:31.0110 0x2e80  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:48:31.0133 0x2e80  QWAVE - ok
18:48:31.0144 0x2e80  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:48:31.0176 0x2e80  QWAVEdrv - ok
18:48:31.0189 0x2e80  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:48:31.0225 0x2e80  RasAcd - ok
18:48:31.0247 0x2e80  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:48:31.0285 0x2e80  RasAgileVpn - ok
18:48:31.0298 0x2e80  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:48:31.0340 0x2e80  RasAuto - ok
18:48:31.0355 0x2e80  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:48:31.0403 0x2e80  Rasl2tp - ok
18:48:31.0418 0x2e80  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:48:31.0455 0x2e80  RasMan - ok
18:48:31.0465 0x2e80  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:48:31.0507 0x2e80  RasPppoe - ok
18:48:31.0521 0x2e80  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:48:31.0568 0x2e80  RasSstp - ok
18:48:31.0585 0x2e80  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:48:31.0629 0x2e80  rdbss - ok
18:48:31.0643 0x2e80  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:48:31.0665 0x2e80  rdpbus - ok
18:48:31.0686 0x2e80  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:48:31.0719 0x2e80  RDPCDD - ok
18:48:31.0734 0x2e80  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:48:31.0769 0x2e80  RDPDR - ok
18:48:31.0775 0x2e80  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:48:31.0814 0x2e80  RDPENCDD - ok
18:48:31.0825 0x2e80  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:48:31.0868 0x2e80  RDPREFMP - ok
18:48:31.0902 0x2e80  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:48:31.0942 0x2e80  RDPWD - ok
18:48:31.0968 0x2e80  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:48:31.0991 0x2e80  rdyboost - ok
18:48:32.0013 0x2e80  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:48:32.0046 0x2e80  RemoteAccess - ok
18:48:32.0057 0x2e80  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:48:32.0095 0x2e80  RemoteRegistry - ok
18:48:32.0110 0x2e80  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:48:32.0141 0x2e80  RpcEptMapper - ok
18:48:32.0156 0x2e80  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:48:32.0168 0x2e80  RpcLocator - ok
18:48:32.0191 0x2e80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:48:32.0231 0x2e80  RpcSs - ok
18:48:32.0251 0x2e80  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:48:32.0295 0x2e80  rspndr - ok
18:48:32.0334 0x2e80  [ 6CF9DB101A75360E98659F823852E540, A7D48DF41A831EEF9978B51786EF80DB9CC40602BE66D46CA11BE1548BC2D10C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:48:32.0366 0x2e80  RTL8167 - ok
18:48:32.0384 0x2e80  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:48:32.0406 0x2e80  s3cap - ok
18:48:32.0420 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
18:48:32.0432 0x2e80  SamSs - ok
18:48:32.0446 0x2e80  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:48:32.0464 0x2e80  sbp2port - ok
18:48:32.0486 0x2e80  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:48:32.0518 0x2e80  SCardSvr - ok
18:48:32.0538 0x2e80  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:48:32.0578 0x2e80  scfilter - ok
18:48:32.0615 0x2e80  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:48:32.0688 0x2e80  Schedule - ok
18:48:32.0711 0x2e80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:48:32.0738 0x2e80  SCPolicySvc - ok
18:48:32.0752 0x2e80  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:48:32.0779 0x2e80  SDRSVC - ok
18:48:32.0803 0x2e80  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:48:32.0847 0x2e80  secdrv - ok
18:48:32.0855 0x2e80  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:48:32.0883 0x2e80  seclogon - ok
18:48:32.0891 0x2e80  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:48:32.0930 0x2e80  SENS - ok
18:48:32.0944 0x2e80  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:48:32.0978 0x2e80  SensrSvc - ok
18:48:33.0001 0x2e80  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:48:33.0024 0x2e80  Serenum - ok
18:48:33.0042 0x2e80  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:48:33.0074 0x2e80  Serial - ok
18:48:33.0094 0x2e80  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:48:33.0121 0x2e80  sermouse - ok
18:48:33.0145 0x2e80  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:48:33.0188 0x2e80  SessionEnv - ok
18:48:33.0193 0x2e80  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:48:33.0214 0x2e80  sffdisk - ok
18:48:33.0226 0x2e80  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:48:33.0247 0x2e80  sffp_mmc - ok
18:48:33.0261 0x2e80  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:48:33.0292 0x2e80  sffp_sd - ok
18:48:33.0299 0x2e80  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:48:33.0318 0x2e80  sfloppy - ok
18:48:33.0372 0x2e80  [ C223B55F2F8519FAC4F5739371903368, EA9EAF4FF9AD73810919679F9C69F0349F3A51454CD730D44253789937612C2B ] Sftfs           C:\Windows\system32\DRIVERS\Sftfswin7.sys
18:48:33.0409 0x2e80  Sftfs - ok
18:48:33.0485 0x2e80  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:48:33.0505 0x2e80  sftlist - ok
18:48:33.0521 0x2e80  [ 1E8506E53926342D579843AB32DB0432, 38F66AC035CCB5495C5329BC99D3CED57FCDC83607C3340CDB7F2DE17FCF3931 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaywin7.sys
18:48:33.0544 0x2e80  Sftplay - ok
18:48:33.0552 0x2e80  [ 1CCD26CB834F7FF81C135CE6D9C10867, ACCB8E7DE2A0CFEA88B88B7E232CAB9C5A90DDBBC476DE939E98162CE81C5F62 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirwin7.sys
18:48:33.0568 0x2e80  Sftredir - ok
18:48:33.0573 0x2e80  [ 58CE0B3F38F8B95CCDEC056ABE1A8F66, 4D922BF417AFBDBF676A8863AC00DCEED780FAE52716B073E45526C6E90D23F8 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvolwin7.sys
18:48:33.0588 0x2e80  Sftvol - ok
18:48:33.0623 0x2e80  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:48:33.0636 0x2e80  sftvsa - ok
18:48:33.0662 0x2e80  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:48:33.0702 0x2e80  SharedAccess - ok
18:48:33.0728 0x2e80  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:48:33.0765 0x2e80  ShellHWDetection - ok
18:48:33.0793 0x2e80  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:48:33.0809 0x2e80  SiSRaid2 - ok
18:48:33.0818 0x2e80  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:48:33.0835 0x2e80  SiSRaid4 - ok
18:48:33.0885 0x2e80  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     D:\Skype\Updater\Updater.exe
18:48:33.0901 0x2e80  SkypeUpdate - ok
18:48:33.0925 0x2e80  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:48:33.0966 0x2e80  Smb - ok
18:48:33.0986 0x2e80  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:48:34.0000 0x2e80  SNMPTRAP - ok
18:48:34.0008 0x2e80  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:48:34.0024 0x2e80  spldr - ok
18:48:34.0064 0x2e80  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:48:34.0099 0x2e80  Spooler - ok
18:48:34.0189 0x2e80  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:48:34.0337 0x2e80  sppsvc - ok
18:48:34.0356 0x2e80  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:48:34.0385 0x2e80  sppuinotify - ok
18:48:34.0457 0x2e80  [ A15860E920B02C9A7CE8F3A6C2FF1E3A, EC88ACD75D1423553C66E6706AD640A4BECD09E436172058FE137B0D7D339FB7 ] sptd            C:\Windows\System32\Drivers\sptd.sys
18:48:34.0486 0x2e80  sptd - ok
18:48:34.0525 0x2e80  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:48:34.0573 0x2e80  srv - ok
18:48:34.0595 0x2e80  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:48:34.0637 0x2e80  srv2 - ok
18:48:34.0655 0x2e80  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:48:34.0677 0x2e80  srvnet - ok
18:48:34.0702 0x2e80  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:48:34.0734 0x2e80  SSDPSRV - ok
18:48:34.0740 0x2e80  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:48:34.0770 0x2e80  SstpSvc - ok
18:48:34.0821 0x2e80  [ EF806D212D34B0E173BAEB3564D53E37, 6EF229A7B7AFF0268CDF47B77F961BD44335C3B35499BB00CBA494A22B2BA39E ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
18:48:34.0839 0x2e80  ss_bbus - ok
18:48:34.0861 0x2e80  [ 08B1B34ABEBEB6AC2DEA06900C56411E, 928EF9B9F194DB07049BA2D7127756B021C2729F562E54F7FECD0F2B2FF5A209 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:48:34.0875 0x2e80  ss_bmdfl - ok
18:48:34.0889 0x2e80  [ 71A9DA6BEAA4CB54DFB827FB78600A5D, 6393CA17CF6A6F30447FF599B2D27CAB44BA1A709D986AC5E14463303094BE5F ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:48:34.0907 0x2e80  ss_bmdm - ok
18:48:34.0911 0x2e80  StarOpen - ok
18:48:34.0953 0x2e80  [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:48:34.0978 0x2e80  Steam Client Service - ok
18:48:34.0998 0x2e80  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:48:35.0014 0x2e80  stexstor - ok
18:48:35.0047 0x2e80  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:48:35.0088 0x2e80  stisvc - ok
18:48:35.0105 0x2e80  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:48:35.0121 0x2e80  storflt - ok
18:48:35.0132 0x2e80  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
18:48:35.0165 0x2e80  StorSvc - ok
18:48:35.0171 0x2e80  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:48:35.0188 0x2e80  storvsc - ok
18:48:35.0196 0x2e80  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:48:35.0210 0x2e80  swenum - ok
18:48:35.0236 0x2e80  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:48:35.0276 0x2e80  swprv - ok
18:48:35.0323 0x2e80  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:48:35.0411 0x2e80  SysMain - ok
18:48:35.0512 0x2e80  [ D7E795032847A6E6E9FBC5E296AE0838, E8554342A41CFDCC08730A95569F289649432EDD7A2A888DBDD0DABEE49C9165 ] SystemStore     C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
18:48:35.0521 0x2e80  SystemStore - detected UnsignedFile.Multi.Generic ( 1 )
18:48:37.0849 0x2e80  Detect skipped due to KSN trusted
18:48:37.0849 0x2e80  SystemStore - ok
18:48:37.0876 0x2e80  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:48:37.0895 0x2e80  TabletInputService - ok
18:48:37.0921 0x2e80  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
18:48:37.0936 0x2e80  tap0901 - ok
18:48:37.0959 0x2e80  [ F33FDC72298DF4BF9813A55D21F4EB31, 34AADF5115CA1B275FEF4238B420FE424F0E1D0FFD1606B24A0D594D7305CF1F ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
18:48:37.0977 0x2e80  taphss - ok
18:48:38.0018 0x2e80  [ B7D10C680D4C9D2224525B10E64DE6F1, 036263FEA76478B35099C2EF854B4AB8785EA40C3053FC7B2533ADC907E5A324 ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
18:48:38.0032 0x2e80  taphss6 - ok
18:48:38.0049 0x2e80  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:48:38.0095 0x2e80  TapiSrv - ok
18:48:38.0135 0x2e80  [ E91BCBD521606E60C2807813D8EAC579, 9B9329535AF753E5922BD53DEF08E5E99C51927923C7DF87112A0E293DE47FAC ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
18:48:38.0150 0x2e80  tbhsd - ok
18:48:38.0161 0x2e80  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:48:38.0190 0x2e80  TBS - ok
18:48:38.0252 0x2e80  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:48:38.0340 0x2e80  Tcpip - ok
18:48:38.0402 0x2e80  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:48:38.0475 0x2e80  TCPIP6 - ok
18:48:38.0491 0x2e80  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:48:38.0508 0x2e80  tcpipreg - ok
18:48:38.0525 0x2e80  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:48:38.0552 0x2e80  TDPIPE - ok
18:48:38.0566 0x2e80  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:48:38.0594 0x2e80  TDTCP - ok
18:48:38.0608 0x2e80  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:48:38.0643 0x2e80  tdx - ok
18:48:38.0663 0x2e80  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:48:38.0679 0x2e80  TermDD - ok
18:48:38.0710 0x2e80  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
18:48:38.0763 0x2e80  TermService - ok
18:48:38.0798 0x2e80  [ 48D9D00C2E0E72C3D4F52772C80355F6, 86F281C7F5FA2FCF1A36C69DD6561531E48483CACB8A873B955F7E93D9A1D259 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
18:48:38.0812 0x2e80  TFsExDisk - ok
18:48:38.0825 0x2e80  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:48:38.0842 0x2e80  Themes - ok
18:48:38.0862 0x2e80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:48:38.0891 0x2e80  THREADORDER - ok
18:48:38.0896 0x2e80  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:48:38.0931 0x2e80  TrkWks - ok
18:48:38.0972 0x2e80  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:48:39.0001 0x2e80  TrustedInstaller - ok
18:48:39.0027 0x2e80  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:48:39.0053 0x2e80  tssecsrv - ok
18:48:39.0080 0x2e80  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:48:39.0109 0x2e80  TsUsbFlt - ok
18:48:39.0118 0x2e80  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:48:39.0144 0x2e80  TsUsbGD - ok
18:48:39.0160 0x2e80  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:48:39.0210 0x2e80  tunnel - ok
18:48:39.0213 0x2e80  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:48:39.0229 0x2e80  uagp35 - ok
18:48:39.0244 0x2e80  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:48:39.0294 0x2e80  udfs - ok
18:48:39.0317 0x2e80  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:48:39.0332 0x2e80  UI0Detect - ok
18:48:39.0347 0x2e80  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:48:39.0363 0x2e80  uliagpkx - ok
18:48:39.0379 0x2e80  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:48:39.0403 0x2e80  umbus - ok
18:48:39.0424 0x2e80  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:48:39.0444 0x2e80  UmPass - ok
18:48:39.0460 0x2e80  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:48:39.0487 0x2e80  UmRdpService - ok
18:48:39.0522 0x2e80  [ CABEC311CEA77EAEA3DC04A1ADFC0459, EC857EB3E22941E8915709B2E2CFB7BB662004121EC7DBE495FC40597BF194CB ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:48:39.0536 0x2e80  UNS - ok
18:48:39.0564 0x2e80  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:48:39.0611 0x2e80  upnphost - ok
18:48:39.0647 0x2e80  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:48:39.0677 0x2e80  USBAAPL64 - ok
18:48:39.0716 0x2e80  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:48:39.0759 0x2e80  usbaudio - ok
18:48:39.0806 0x2e80  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:48:39.0836 0x2e80  usbccgp - ok
18:48:39.0861 0x2e80  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:48:39.0899 0x2e80  usbcir - ok
18:48:39.0911 0x2e80  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:48:39.0942 0x2e80  usbehci - ok
18:48:39.0970 0x2e80  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:48:40.0002 0x2e80  usbhub - ok
18:48:40.0016 0x2e80  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:48:40.0033 0x2e80  usbohci - ok
18:48:40.0064 0x2e80  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:48:40.0092 0x2e80  usbprint - ok
18:48:40.0129 0x2e80  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:48:40.0156 0x2e80  usbscan - ok
18:48:40.0191 0x2e80  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:48:40.0234 0x2e80  USBSTOR - ok
18:48:40.0276 0x2e80  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:48:40.0305 0x2e80  usbuhci - ok
18:48:40.0324 0x2e80  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:48:40.0362 0x2e80  UxSms - ok
18:48:40.0369 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
18:48:40.0381 0x2e80  VaultSvc - ok
18:48:40.0413 0x2e80  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:48:40.0429 0x2e80  vdrvroot - ok
18:48:40.0446 0x2e80  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:48:40.0496 0x2e80  vds - ok
18:48:40.0502 0x2e80  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:48:40.0521 0x2e80  vga - ok
18:48:40.0534 0x2e80  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:48:40.0576 0x2e80  VgaSave - ok
18:48:40.0592 0x2e80  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:48:40.0614 0x2e80  vhdmp - ok
18:48:40.0635 0x2e80  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:48:40.0651 0x2e80  viaide - ok
18:48:40.0675 0x2e80  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:48:40.0713 0x2e80  vmbus - ok
18:48:40.0723 0x2e80  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:48:40.0749 0x2e80  VMBusHID - ok
18:48:40.0771 0x2e80  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:48:40.0788 0x2e80  volmgr - ok
18:48:40.0801 0x2e80  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:48:40.0827 0x2e80  volmgrx - ok
18:48:40.0839 0x2e80  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:48:40.0864 0x2e80  volsnap - ok
18:48:40.0894 0x2e80  [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61, 1EAA4D8D35008E4D5C4AEA91C3ABD3D5BB5F8DF2D95D35792B3F3BB31EABB7CF ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
18:48:40.0917 0x2e80  vpcbus - ok
18:48:40.0955 0x2e80  [ 8ACDA395841538CE9713A67FE8B2A3EB, D74D6AF8059C1CD59A5DDB03095BC46FF7808DA358FB64D71B53940DEE6356D9 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:48:40.0971 0x2e80  vpcnfltr - ok
18:48:40.0986 0x2e80  [ 31924E31BC315773E6D149B157DB46D5, 8E2A8785D2D7327F9DE046E6245F233280395AA42D5BAD1048021109628840C2 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
18:48:41.0012 0x2e80  vpcusb - ok
18:48:41.0050 0x2e80  [ C5B651E52540E6F46DA66574C74B4898, 4292E1D574FB0AF1D61F17F88D82A1A77738A3F7ECECB49FF20997FEC99078B2 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
18:48:41.0075 0x2e80  vpcvmm - ok
18:48:41.0148 0x2e80  [ F3EC4EC08EC0C3F7023F0C662107CA7B, FC043142B4634E2AEA258690317B9892E8E1FDDF443846D6A2E4F4BDF2AD0056 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
18:48:41.0168 0x2e80  vpnagent - ok
18:48:41.0211 0x2e80  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
18:48:41.0227 0x2e80  vpnva - ok
18:48:41.0250 0x2e80  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:48:41.0270 0x2e80  vsmraid - ok
18:48:41.0323 0x2e80  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:48:41.0406 0x2e80  VSS - ok
18:48:41.0435 0x2e80  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:48:41.0461 0x2e80  vwifibus - ok
18:48:41.0488 0x2e80  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:48:41.0526 0x2e80  W32Time - ok
18:48:41.0554 0x2e80  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:48:41.0585 0x2e80  WacomPen - ok
18:48:41.0625 0x2e80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:48:41.0662 0x2e80  WANARP - ok
18:48:41.0665 0x2e80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:48:41.0698 0x2e80  Wanarpv6 - ok
18:48:41.0786 0x2e80  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:48:41.0832 0x2e80  WatAdminSvc - ok
18:48:41.0891 0x2e80  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:48:41.0970 0x2e80  wbengine - ok
18:48:41.0990 0x2e80  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:48:42.0010 0x2e80  WbioSrvc - ok
18:48:42.0028 0x2e80  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:48:42.0059 0x2e80  wcncsvc - ok
18:48:42.0071 0x2e80  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:48:42.0104 0x2e80  WcsPlugInService - ok
18:48:42.0124 0x2e80  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:48:42.0141 0x2e80  Wd - ok
18:48:42.0191 0x2e80  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:48:42.0231 0x2e80  Wdf01000 - ok
18:48:42.0244 0x2e80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:48:42.0307 0x2e80  WdiServiceHost - ok
18:48:42.0311 0x2e80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:48:42.0328 0x2e80  WdiSystemHost - ok
18:48:42.0350 0x2e80  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:48:42.0377 0x2e80  WebClient - ok
18:48:42.0396 0x2e80  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:48:42.0437 0x2e80  Wecsvc - ok
18:48:42.0453 0x2e80  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:48:42.0483 0x2e80  wercplsupport - ok
18:48:42.0497 0x2e80  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:48:42.0529 0x2e80  WerSvc - ok
18:48:42.0562 0x2e80  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:48:42.0598 0x2e80  WfpLwf - ok
18:48:42.0614 0x2e80  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:48:42.0629 0x2e80  WIMMount - ok
18:48:42.0654 0x2e80  WinDefend - ok
18:48:42.0665 0x2e80  WinHttpAutoProxySvc - ok
18:48:42.0711 0x2e80  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:48:42.0744 0x2e80  Winmgmt - ok
18:48:42.0810 0x2e80  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:48:42.0912 0x2e80  WinRM - ok
18:48:42.0940 0x2e80  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:48:42.0975 0x2e80  WinUsb - ok
18:48:43.0012 0x2e80  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:48:43.0059 0x2e80  Wlansvc - ok
18:48:43.0076 0x2e80  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:48:43.0094 0x2e80  WmiAcpi - ok
18:48:43.0121 0x2e80  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:48:43.0145 0x2e80  wmiApSrv - ok
18:48:43.0166 0x2e80  WMPNetworkSvc - ok
18:48:43.0178 0x2e80  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:48:43.0203 0x2e80  WPCSvc - ok
18:48:43.0215 0x2e80  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:48:43.0232 0x2e80  WPDBusEnum - ok
18:48:43.0242 0x2e80  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:48:43.0287 0x2e80  ws2ifsl - ok
18:48:43.0300 0x2e80  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:48:43.0326 0x2e80  wscsvc - ok
18:48:43.0329 0x2e80  WSearch - ok
18:48:43.0408 0x2e80  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:48:43.0497 0x2e80  wuauserv - ok
18:48:43.0528 0x2e80  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:48:43.0557 0x2e80  WudfPf - ok
18:48:43.0582 0x2e80  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:48:43.0614 0x2e80  WUDFRd - ok
18:48:43.0647 0x2e80  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:48:43.0661 0x2e80  wudfsvc - ok
18:48:43.0695 0x2e80  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:48:43.0721 0x2e80  WwanSvc - ok
18:48:43.0752 0x2e80  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:48:43.0769 0x2e80  xusb21 - ok
18:48:43.0784 0x2e80  ================ Scan global ===============================
18:48:43.0801 0x2e80  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:48:43.0833 0x2e80  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:48:43.0844 0x2e80  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:48:43.0866 0x2e80  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:48:43.0885 0x2e80  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:48:43.0893 0x2e80  [ Global ] - ok
18:48:43.0893 0x2e80  ================ Scan MBR ==================================
18:48:43.0904 0x2e80  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:44.0124 0x2e80  \Device\Harddisk0\DR0 - ok
18:48:44.0124 0x2e80  ================ Scan VBR ==================================
18:48:44.0126 0x2e80  [ FDF1AE1543E23C6938B146999C30F6CB ] \Device\Harddisk0\DR0\Partition1
18:48:44.0127 0x2e80  \Device\Harddisk0\DR0\Partition1 - ok
18:48:44.0129 0x2e80  [ 621E9EF8F3DDE51F18A61C5410BDBCAA ] \Device\Harddisk0\DR0\Partition2
18:48:44.0131 0x2e80  \Device\Harddisk0\DR0\Partition2 - ok
18:48:44.0132 0x2e80  [ D01CED3B954531A26D420DBAC1DE08CB ] \Device\Harddisk0\DR0\Partition3
18:48:44.0134 0x2e80  \Device\Harddisk0\DR0\Partition3 - ok
18:48:44.0134 0x2e80  ================ Scan generic autorun ======================
18:48:44.0338 0x2e80  [ F9E8F9104C629608470B2E6D6A3AC59A, BA848885F031A505A69BDA59888CE858FBBF856F1DF9C47068D0A6142602E74C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
18:48:44.0534 0x2e80  RTHDVCPL - ok
18:48:44.0583 0x2e80  [ CC9823AA6E3F6229CD6DA193551314A5, 76BCD2BCA391C2114BF9D28FA290D9B39D16379C410070E0E3A6376FDEE51CE1 ] D:\itunes (1)\iTunesHelper.exe
18:48:44.0595 0x2e80  iTunesHelper - ok
18:48:44.0632 0x2e80  [ F442241ED1840450DE1572BAAACC0EE0, 8878637DF4475BA967120470037CFDB147C46D8B4ED1661D4379D30EB3341135 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
18:48:44.0641 0x2e80  IMSS - ok
18:48:44.0678 0x2e80  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
18:48:44.0690 0x2e80  USB3MON - ok
18:48:44.0731 0x2e80  [ A8D90CF5DC9878D7CA6FEDB0EC730F59, 08FFA3882C76D9C73480B5741F41C62589A1E5B5F11F4C5EC55D13BB284F922F ] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe
18:48:44.0739 0x2e80  IntelSBA - ok
18:48:44.0802 0x2e80  [ E971C2901BC0E9934D01D84AD127FAAF, 2DC4B1D898430CD152B16D0909C9DEF252579F91E093632E78D47F77CBFDC843 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:48:44.0811 0x2e80  APSDaemon - ok
18:48:44.0812 0x2e80  QuickTime Plugin Install - ok
18:48:44.0885 0x2e80  [ 4CB7CEE3F7540B0BEDBD158D75F06509, 73348467A976AF06928B402E12A622BB1B5BD8BB2AC6446117E1FD1EEAFED217 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:48:44.0911 0x2e80  StartCCC - ok
18:48:45.0112 0x2e80  [ 82B7AE85A3C197514055DA16D658D8C1, 6FB05B89FBD5FA39F86B7A260CF2C6A692F01FAF79828B18B00735D5A59BC81B ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:48:45.0272 0x2e80  AvastUI.exe - ok
18:48:45.0326 0x2e80  [ F62FC64D77CDC71BDA5ED9E34A7D73A8, FA840AA440519C3D9ED4406EF169E8B72B1913E525A49B4DAFBB1F8831C50C45 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
18:48:45.0353 0x2e80  Cisco AnyConnect Secure Mobility Agent for Windows - ok
18:48:45.0396 0x2e80  [ 6513807FEE68E6C32E67437EE3FFB6C8, 2AB388BD68E984C38EAAF2D42DE918A64B42DA229627FC0B1A896A8AD60B5F91 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:48:45.0415 0x2e80  SunJavaUpdateSched - ok
18:48:45.0469 0x2e80  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:48:45.0534 0x2e80  Sidebar - ok
18:48:45.0552 0x2e80  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:48:45.0576 0x2e80  mctadmin - ok
18:48:45.0611 0x2e80  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:48:45.0647 0x2e80  Sidebar - ok
18:48:45.0651 0x2e80  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:48:45.0667 0x2e80  mctadmin - ok
18:48:45.0669 0x2e80  CyberGhost - ok
18:48:45.0669 0x2e80  HydraVisionDesktopManager - ok
18:48:45.0684 0x2e80  AutoStartNPSAgent - ok
18:48:45.0685 0x2e80  Waiting for KSN requests completion. In queue: 210
18:48:46.0685 0x2e80  Waiting for KSN requests completion. In queue: 210
18:48:47.0686 0x2e80  Waiting for KSN requests completion. In queue: 210
18:48:48.0725 0x2e80  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
18:48:48.0728 0x2e80  Win FW state via NFP2: enabled ( trusted )
18:48:51.0201 0x2e80  ============================================================
18:48:51.0201 0x2e80  Scan finished
18:48:51.0201 0x2e80  ============================================================
18:48:51.0206 0x2d80  Detected object count: 0
18:48:51.0206 0x2d80  Actual detected object count: 0
         

04.06.2016, 18:04   #4
deeprybka
/// TB trainer
/// Guide guru

Repeat the scans following the instructions:

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Under Settings / Detection and Protection, please tick "Scan for rootkits".
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, move all detections (if any) to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3
Download HitmanPro to your desktop:

HitmanPro 32-bit version
HitmanPro 64-bit version
  • Start HitmanPro.exe
  • Click on
  • Uncheck
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead, on the button bar at the bottom left, choose
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.
__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.06.2016, 01:51   #5
Deuterium


AdwCleaner

Code:
# AdwCleaner v5.119 - Bericht erstellt am 05/06/2016 um 01:16:04
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-06-03.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : Kiwi - KIWIPC
# Gestartet von : C:\Users\Kiwi\Desktop\AdwCleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner gelöscht : C:\ProgramData\9768c88e73e60ecb
[#] Ordner gelöscht : C:\ProgramData\Application Data\9768c88e73e60ecb
[-] Ordner gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
[-] Ordner gelöscht : C:\Program Files (x86)\Common Files\Tobit
[-] Ordner gelöscht : C:\Users\Kiwi\AppData\Roaming\GrabPro
[-] Ordner gelöscht : C:\Users\Kiwi\AppData\Roaming\ProgSense
[-] Ordner gelöscht : C:\Users\Kiwi\AppData\Local\CrashRpt

***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\invalidprefs.js

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\f
[-] Schlüssel gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Schlüssel gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[-] Schlüssel gelöscht : HKCU\Software\APN PIP
[-] Schlüssel gelöscht : HKCU\Software\Conduit
[-] Schlüssel gelöscht : HKCU\Software\InstallCore
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\ProgSense
[-] Schlüssel gelöscht : HKCU\Software\UpToDown
[-] Schlüssel gelöscht : HKCU\Software\Yahoo\Companion
[-] Schlüssel gelöscht : HKCU\Software\Yahoo\YFriendsBar
[-] Schlüssel gelöscht : HKCU\Software\delta
[-] Schlüssel gelöscht : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Yahoo\Companion
[-] Schlüssel gelöscht : HKLM\SOFTWARE\systweak
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Daten wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [10230 Bytes] - [05/06/2016 01:16:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [10784 Bytes] - [03/06/2016 14:00:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [10858 Bytes] - [03/06/2016 14:02:03]
C:\AdwCleaner\AdwCleaner[S3].txt - [10951 Bytes] - [05/06/2016 01:11:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10526 Bytes] ##########
         

MBAM

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 05.06.2016
Suchlaufzeit: 01:38
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.04.06
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kiwi

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339283
Abgelaufene Zeit: 15 Min., 54 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 21
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, In Quarantäne, [ed09e1174851fa3c92fd05788082946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, In Quarantäne, [ed09e1174851fa3c92fd05788082946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, In Quarantäne, [f8fe35c306932e08504182fbc63cd927], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, In Quarantäne, [f8fe35c306932e08504182fbc63cd927], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, In Quarantäne, [c333d028c3d674c24c42add018ea8b75], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}, In Quarantäne, [8c6a7a7e524744f26e804163f310c739], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [eb0bae4a69303105f774a9e6986b6d93], 

Registrierungswerte: 8
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}|OSDFileURL, file:///C:/Users/Kiwi/AppData/Local/TNT2/Profiles/10557/yah10557.xml, In Quarantäne, [8c6a7a7e524744f26e804163f310c739]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, In Quarantäne, [eb0bae4a69303105f774a9e6986b6d93]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, In Quarantäne, [d224fefa1089bc7ab7b4206f0102619f]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, In Quarantäne, [51a514e44c4d86b09fccf19ea063d729]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, In Quarantäne, [6690a75195049e982b406b24fb08847c]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, In Quarantäne, [a155c4343861191d0d5e9ef1ab58619f]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, In Quarantäne, [b1455b9d1a7fa59171fa3b54bd464cb4]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, In Quarantäne, [688e2bcd4b4eca6c5d0ed3bc2fd4827e]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

HitmanPro

Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : KIWIPC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : KIWIPC\Kiwi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-05 02:02:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 22s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7

   Objects scanned . . . : 1.545.619
   Files scanned . . . . : 67.876
   Remnants scanned  . . : 328.809 files / 1.148.934 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA800718ED30
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA800667F2C0 +0
   Solution
      DriverObject . . . : FFFFFA800718ED30
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF880012A34D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\Kiwi\Desktop\Virus\FRST64.exe
      Size . . . . . . . : 2.383.872 bytes
      Age  . . . . . . . : 1.2 days (2016-06-03 20:58:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 68D3444DC8EED7750F78DB574D0714A4811794E9A57AE09D259711ED79A431EA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Kiwi\Desktop\Virus\mbam-setup-2.2.1.1043.exe
          0.0s C:\Users\Kiwi\Desktop\Virus\FRST64.exe
         11.6s C:\Users\Kiwi\Desktop\Virus\AdwCleaner_5.119.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}\ (YahooToolbar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\ (AdBlocker)
   HKU\S-1-5-21-1078192431-239819200-2145751044-1001\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1078192431-239819200-2145751044-1001\Software\Delta\ (SpeedUpMyPC)
         


05.06.2016, 11:02   #6
deeprybka
/// TB trainer
/// Guide guru
 



Are there still any problems with the PC? If so, which ones?

Step 1

Please run FRST again, also tick the checkbox and click Untersuchen (Scan).
Please post the contents of the two logs that are created.

05.06.2016, 14:03   #7
Deuterium



Well, I can't detect any problems, but I didn't notice anything in everyday use before either, until my e-mail account was suddenly hacked. So I'm posting the logs again.

FRST

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 01
durchgeführt von Kiwi (Administrator) auf KIWIPC (05-06-2016 14:58:25)
Gestartet von C:\Users\Kiwi\Desktop
Geladene Profile: Kiwi (Verfügbare Profile: Kiwi & Mcx1-KIWI-PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) D:\itunes (1)\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() Q:\140066.enu\Office14\WINWORDC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.ENU\OFFICE14\OffSpon.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes (1)\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => D:\Quicktime\Plugins\DeleteMe1.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-04] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
ShortcutTarget: Audible Download Manager.lnk -> D:\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8CE8708-5C3F-48FF-996E-AFF92665AD4C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {07D56749-CE28-4EAD-98CF-98486A8E78D3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\Kiwi\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-04] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-04] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "212.29.229.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "212.29.229.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "212.29.229.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "198.50.129.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "119.4.115.51"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "198.50.129.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.50.129.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "198.50.129.9"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Modify Headers - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: Video DownloadHelper - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DownThemAll! - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-04]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-06-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-04] (AVAST Software)
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts)
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation) [Datei ist nicht signiert]
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.) [Datei ist nicht signiert]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-23] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-05 14:58 - 2016-06-05 14:58 - 00018429 _____ C:\Users\Kiwi\Desktop\FRST.txt
2016-06-05 14:58 - 2016-06-05 14:58 - 00000000 ____D C:\Users\Kiwi\Desktop\FRST-OlderVersion
2016-06-05 11:57 - 2016-06-04 18:52 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF5F2.tmp
2016-06-05 02:00 - 2016-06-05 02:46 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-05 01:59 - 2016-06-05 01:59 - 00007040 _____ C:\Users\Kiwi\Desktop\mbam.txt
2016-06-05 01:16 - 2016-06-05 01:16 - 00010622 _____ C:\Users\Kiwi\Desktop\AdwCleaner[C1].txt
2016-06-05 01:07 - 2016-06-05 01:07 - 03677248 _____ C:\Users\Kiwi\Desktop\AdwCleaner_5.119.exe
2016-06-04 21:00 - 2016-06-04 21:00 - 11438608 _____ (SurfRight B.V.) C:\Users\Kiwi\Desktop\HitmanPro_x64.exe
2016-06-04 20:59 - 2016-06-04 21:00 - 22851472 _____ (Malwarebytes ) C:\Users\Kiwi\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-04 18:52 - 2016-06-04 18:52 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-04 18:52 - 2016-06-04 18:52 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-04 18:46 - 2016-06-04 19:01 - 00214646 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_18.46.19_log.txt
2016-06-04 18:46 - 2016-06-04 18:46 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Kiwi\Desktop\tdsskiller.exe
2016-06-04 11:26 - 2016-06-04 11:26 - 00076769 _____ C:\Users\Kiwi\Desktop\Zunehmen-Ernährungsplan-mit-Fleisch.pdf
2016-06-03 21:19 - 2016-06-05 14:57 - 00000000 ____D C:\Users\Kiwi\Desktop\L
2016-06-03 20:58 - 2016-06-05 14:58 - 02384896 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64.exe
2016-06-03 18:06 - 2016-06-03 18:06 - 00131792 _____ C:\Users\Kiwi\AppData\Local\recently-used.xbel
2016-06-03 13:59 - 2016-06-05 01:42 - 00000000 ____D C:\AdwCleaner
2016-06-03 11:46 - 2016-06-05 14:58 - 00000000 ____D C:\FRST
2016-06-03 11:18 - 2016-06-05 01:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 11:18 - 2016-06-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-03 11:17 - 2016-06-03 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-03 11:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-02 21:21 - 2016-06-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16
2016-06-01 21:34 - 2016-06-04 00:26 - 00000000 ____D C:\Users\Kiwi\Documents\Citavi 5
2016-06-01 21:34 - 2016-06-01 21:47 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-06-01 21:32 - 2016-06-01 21:32 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Downloaded Installations
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Public\CyberLink
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Kiwi\Documents\CyberLink
2016-05-30 23:40 - 2016-05-30 23:40 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Cyberlink
2016-05-30 23:33 - 2016-06-03 01:50 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-05-30 23:33 - 2016-05-30 23:33 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-05-30 23:30 - 2016-06-03 01:50 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-05-30 23:30 - 2016-05-30 23:41 - 00000000 ____D C:\ProgramData\CyberLink
2016-05-30 23:30 - 2016-05-30 23:30 - 00000000 ____D C:\ProgramData\install_clap
2016-05-26 00:28 - 2016-06-02 20:11 - 00149015 _____ C:\Users\Kiwi\Desktop\2016_06rechnung_5616687642.pdf
2016-05-11 11:35 - 2016-05-11 11:35 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\com.bby.cinemanowca
2016-05-11 01:18 - 2016-05-15 12:14 - 00000000 ____D C:\Users\Kiwi\Desktop\Rupp 2013

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-05 12:56 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-05 12:56 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-05 11:57 - 2012-04-20 18:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-05 11:41 - 2012-09-17 12:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-05 11:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-05 02:55 - 2013-03-25 22:46 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\SoftGrid Client
2016-06-05 02:03 - 2013-12-18 02:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\vlc
2016-06-05 01:55 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-06-05 01:16 - 2012-06-03 14:00 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-04 18:52 - 2014-08-01 00:03 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-04 18:52 - 2014-08-01 00:03 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-04 18:52 - 2013-08-03 22:49 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-04 18:52 - 2013-08-03 22:49 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-04 11:21 - 2015-08-05 14:55 - 00000000 ____D C:\Users\Kiwi\Desktop\Neuer Ordner (6)
2016-06-04 01:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-04 00:29 - 2015-11-06 00:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 18:48 - 2016-01-28 12:27 - 00000000 ____D C:\Users\Kiwi\.gimp-2.8
2016-06-03 18:06 - 2014-01-07 20:51 - 00000000 ____D C:\Users\Kiwi\AppData\Local\gtk-2.0
2016-06-03 01:50 - 2012-04-20 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-03 00:08 - 2014-07-30 23:58 - 00000000 ____D C:\ProgramData\Origin
2016-06-02 21:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 15:35 - 2014-09-10 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-02 00:05 - 2016-05-03 14:14 - 00000000 ____D C:\Users\Kiwi\Desktop\BA-Arbeit Kapitel
2016-06-01 17:04 - 2011-04-12 09:43 - 00701778 _____ C:\Windows\system32\perfh007.dat
2016-06-01 17:04 - 2011-04-12 09:43 - 00150420 _____ C:\Windows\system32\perfc007.dat
2016-06-01 17:04 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-30 16:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-18 00:02 - 2016-04-26 13:39 - 00000000 ____D C:\Users\Kiwi\Desktop\Transkripte für BA-Arbeit
2016-05-16 11:14 - 2013-03-11 20:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 11:14 - 2013-03-11 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 14:31 - 2015-11-13 18:50 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Clan_prefs
2016-05-13 01:11 - 2014-12-27 13:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 22:58 - 2014-05-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-09 22:56 - 2015-04-29 12:02 - 00000000 ____D C:\Users\Kiwi\dwhelper
2016-05-09 13:48 - 2015-05-29 22:41 - 00000000 __SHD C:\AI_RecycleBin
2016-05-08 16:56 - 2015-12-26 13:16 - 00000000 ____D C:\Users\Kiwi\AppData\Local\UnrealEngine
2016-05-08 11:45 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-24 00:43 - 2016-03-28 16:51 - 0001456 _____ () C:\Users\Kiwi\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2016-06-03 18:06 - 2016-06-03 18:06 - 0131792 _____ () C:\Users\Kiwi\AppData\Local\recently-used.xbel
2015-06-07 02:41 - 2015-06-07 02:41 - 0007605 _____ () C:\Users\Kiwi\AppData\Local\Resmon.ResmonCfg
2014-06-08 16:27 - 2016-05-15 02:23 - 0002703 _____ () C:\ProgramData\flcd_proxy.log
2013-03-30 00:02 - 2013-03-30 00:14 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Einige Dateien in TEMP:
====================
C:\Users\Kiwi\AppData\Local\Temp\libeay32.dll
C:\Users\Kiwi\AppData\Local\Temp\msvcr120.dll
C:\Users\Kiwi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-28 00:28

==================== Ende von FRST.txt ============================
         

Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-06-2016 01
durchgeführt von Kiwi (2016-06-05 14:58:56)
Gestartet von C:\Users\Kiwi\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-04-20 15:20:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1078192431-239819200-2145751044-500 - Administrator - Disabled)
Gast (S-1-5-21-1078192431-239819200-2145751044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1078192431-239819200-2145751044-1003 - Limited - Enabled)
Kiwi (S-1-5-21-1078192431-239819200-2145751044-1000 - Administrator - Enabled) => C:\Users\Kiwi
Mcx1-KIWI-PC (S-1-5-21-1078192431-239819200-2145751044-1001 - Limited - Enabled) => C:\Users\Mcx1-KIWI-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Access 97rt PAN EURO G (HKLM-x32\...\Access 97rt PAN EURO G) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
CLAN (HKLM-x32\...\{00868CD9-BEB1-4D2C-8307-4AD82C48501A}) (Version: 2.11.00 - CMU)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.42.13482.16 - Electronic Arts)
Fragen-Lern-CD 4.3 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1) (Version: 4.3.5 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.3 (x32 Version: 4.3.5 - Wendel-Verlag GmbH) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel(R) Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Yu-Gi-Oh! The Dawn of a New Era Version 5.0.18.3673 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.0.18.3673 - Kaiba Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0071A13B-6B94-46F2-9FB6-ADE22483D5A5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-KIWI-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {0CC6A309-3F84-4134-8FFB-9171C1FE2932} - System32\Tasks\{1DBE5654-06A6-4930-B238-0DF98147764A} => pcalua.exe -a C:\Users\Kiwi\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe -c /UNINSTALL PARTNER=10557
Task: {172DF47C-9163-4CC4-AB32-7BB276417631} - System32\Tasks\{45912AD4-8F33-4D8D-9554-A80AA320F031} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {1AE6AEA5-5C3E-4F4B-BC06-6AAD7A21D250} - System32\Tasks\{173E985D-BE0F-4425-BDB3-341AF9AB4146} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {2191EFF0-B8A4-4E70-AB0C-A64B67600B84} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {2585F3CA-5711-4D62-B6F5-A199FED58DC7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2B2EA069-9304-4BDF-AF20-4B017C27CC4C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2B428C53-209C-48C4-A188-624C9CA70FF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C96134A-FC2F-4E4B-9EF9-2700AD0D00E6} - System32\Tasks\{66823191-2EB3-47EC-A19A-02C731EA27C2} => pcalua.exe -a E:\dx7ager.exe -d E:\
Task: {4ABB64DA-07A2-46BD-A64B-3E69D48CEC3E} - System32\Tasks\{8CE18D4A-43FB-4D4B-BD63-0B634CDFAFA1} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4C7DC039-C318-4A43-B7A9-728234D2A737} - System32\Tasks\{AF90126A-79C8-4274-AD4E-38A1B3BDC08D} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {5CEE0A7A-9A24-42B3-A8C4-B264A07E3434} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6672CE13-36D9-4D89-A012-3893126F7B86} - System32\Tasks\{3F24D816-EF75-43E8-9F64-50F1E3DB735E} => pcalua.exe -a C:\Users\Kiwi\Desktop\PESEdit.com_2012_Patch_3.3.1\Installer.exe -d C:\Users\Kiwi\Desktop\PESEdit.com_2012_Patch_3.3.1
Task: {7466DEB7-CB2E-42E6-8A50-621C46C0643E} - System32\Tasks\{60731E58-7FFB-4725-8A0E-4938AF74C082} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {803F5571-B947-425E-A2A9-40FFBEC293E0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {83CE7615-E7E2-40A5-A872-AC1C004B734C} - System32\Tasks\{79A0981F-23F9-4972-A067-D5910A7DAAE0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {883A3927-A45D-4675-BF91-F2EFFA4ACB36} - System32\Tasks\{3670FBCA-2A3C-470A-B293-977CB288DA46} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {91981B81-7214-48D1-A774-78CBDD928779} - System32\Tasks\{045A154F-0301-4AE9-858C-C7E12566F748} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {99519820-DA6F-4713-802E-8FF328DFC9A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A5ED77AC-6AED-406F-9953-2B16D36EB5F3} - System32\Tasks\{EE93492B-829F-46B8-8BA2-7225EA8C38FE} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {AB7F177B-533D-4559-A658-B5260C43D430} - System32\Tasks\{05376299-63E3-40B4-B000-3BAC939D67C1} => pcalua.exe -a C:\Users\Kiwi\Desktop\epson375890eu.exe -d C:\Users\Kiwi\Desktop
Task: {B6E36C48-A49B-486E-B433-02EA71117731} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-04] (AVAST Software)
Task: {BA07FC55-F1EB-4D5A-8725-902184DD8A13} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCAB8935-3339-458D-8B1B-0C0E79442CB0} - System32\Tasks\{B1D11270-DC0A-443F-A2C2-7886CB6545AC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {C04C3B6E-DB4A-4790-9455-7A5DB41505BC} - System32\Tasks\{5877E4B1-A854-461D-A464-83E4E03E4047} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {C515F816-D0D4-48C2-81DE-84D0EAB44AC6} - System32\Tasks\{87B8B25C-F246-4C50-A323-E5115EC007AB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {D2100B8D-CFCF-4F46-B4C7-38B6BF8FF944} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe 
Task: {D31D2427-00AE-4BC4-8DF4-2F9F421DDFBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB898384-D1F3-4649-9244-0A6C28D7214B} - System32\Tasks\{C4C55CCC-9DBF-451F-B551-657EA06F68C0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {DC416041-539F-4378-B0DE-9585A0443A5A} - System32\Tasks\{D3869556-B4D2-45ED-9BB6-9B033BF40786} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E69AC183-3C16-4AB6-BE2C-67EEFE889F79} - System32\Tasks\{8FE250CF-A532-4D2A-89E2-D971EBC570C8} => pcalua.exe -a C:\Users\Kiwi\Desktop\epson29817eu.exe -d C:\Users\Kiwi\Desktop
Task: {E88DA03D-B7F8-4978-9C38-D24035CD37F9} - System32\Tasks\{6E7BB2E2-DB0B-46AD-A7FD-CD4EBAE55CA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/de/abandoninstall?page=tsProgressBar
Task: {EB234CD3-AE7B-4C04-BA18-B6510C3CA55B} - System32\Tasks\{BCDD38EF-0904-43CC-B055-D9F7168A70CD} => D:\StreamTransport\StreamTransport.exe
Task: {F2679F97-D496-4E85-BCBD-70F9956D2763} - System32\Tasks\{B08A6FA7-7E3B-4CDF-8D07-44CDA2804BD1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {F560CC06-3682-441B-A3E7-77352D1C586D} - System32\Tasks\{78685E25-AE26-47B9-BD42-866A20EDC10B} => pcalua.exe -a C:\Users\Kiwi\Downloads\streaming_optimizer_setup.exe -d C:\Users\Kiwi\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-04 18:51 - 2016-06-04 18:51 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060402\algo.dll
2016-06-05 11:41 - 2016-06-05 11:41 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060500\algo.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-15 13:06 - 2016-01-15 13:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2012-04-20 17:58 - 2012-02-21 06:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2016-05-16 11:14 - 2016-05-16 11:14 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94298785-BBE7-4803-9808-176D43C4E216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9688D9CD-38B3-4C6C-85A2-93D8171E3856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A6853C33-7D72-4FBC-8627-2A87A55919CA}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [UDP Query User{E0A83EAB-E379-46B6-827E-F0CB77D07E10}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [TCP Query User{01277258-7A3B-4271-9FE7-D4C8607EFA3C}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{05AF7882-6A87-4B7F-985A-466333B07AC9}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [TCP Query User{D4FD44CC-6F86-465D-9660-EE25780533C4}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [UDP Query User{F5DB8AF0-02B2-47B5-B66A-FD4CD46F78C6}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [TCP Query User{ABDBE795-B056-45E6-9256-94B5C1A48326}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{6B65D548-037A-4A83-8228-4BE7B053A9CC}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{4A90897E-CD4A-4603-A076-2F7603EC17D8}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{8F60A005-04AB-475E-A786-8BFE92808589}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [TCP Query User{49375053-5C68-432F-9781-AC33999F0008}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{4AD3975C-C6E2-4052-AC09-49C919E916C0}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{76CCD08E-FDC4-45B3-BBE4-7F35660D2830}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6177E29A-7E97-423E-9E31-7D391AC1DB6F}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{AF591D2A-0520-4C36-93B3-14AEDAF3A549}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F983E86F-E76F-4B3D-A004-ACA22CB80938}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{9E4C7613-42CC-4CE2-A645-F2BF96921709}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{30B4081A-2283-41D8-9FBB-B08E8024C881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{36FD5D36-DF53-4F09-9EDD-152F3F4BA620}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{09310F29-FC7C-4CB4-AB3C-5CA3164757C9}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{EB6E2773-E0F1-4B00-9466-22FB253C88ED}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E34E6481-9AD7-43AC-AD41-2D8092EDD9CB}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{B6D4044F-D5C8-4087-9B41-7C656EFD9149}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FD68BD03-E04C-4AF5-AEEE-5DAB69C75FB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C43B7741-5F17-4FBD-BD41-891C55C5ACAD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E59ABD5C-70B2-4F9C-9BB8-B01DBD44F9EF}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [UDP Query User{98E8DCE4-788A-4E6B-93D6-5579ED579B1E}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{E71AEEB1-01BD-41AA-8F36-CFF524807B0C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A8BDF807-1C34-419B-A7F5-0D1075FD766C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DF9C7B38-72C8-4905-BF17-15E3D33793AC}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0394E352-ADD2-4B0C-B227-441231BCE97D}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [{8DC61941-EEDE-4959-9AA0-EAD07FDC4DE9}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7D198C55-19F3-4229-8FD4-E8894F94A13D}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F74C777F-9F65-4418-9779-CBFA100AE30E}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{98DFE08A-1684-455A-A9A4-6264C9E3F784}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{77167C1C-9004-42E2-9BA7-1FBC770B7E89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C324AD62-C264-434E-AD50-8685C9A654C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{46242EFF-72ED-474C-A15E-17507B313216}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFD8F70A-D886-49EE-BDA7-ECAB1088734E}C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [UDP Query User{5D149EAF-08DC-4881-953D-68177630FAE6}C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [{98C691AC-BCA1-43BD-9DF9-86705F0542F8}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{64A1F775-9F00-4698-BB1C-30234E5E4C75}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{2FF169A4-6B8B-47B4-8724-AE2FCC1B5015}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{F35D6A8D-B3A8-4C01-8956-EBA0A2DF5B1B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{C93155AD-0155-461F-9200-3B8A9E14577B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF829D10-FEE8-4A39-895B-5A270CB8193F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{556741C3-6B18-407D-A36B-2E33091DB2CD}] => (Allow) D:\npsasvr.exe
FirewallRules: [{E36BC25E-DAF0-4A7E-89B8-6EEB3D37F4C7}] => (Allow) D:\npsasvr.exe
FirewallRules: [{4068BB2E-1E2B-4B35-A5F3-830CC0C31A87}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{06CE6F3F-592D-40F3-9352-212C5AF4B359}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{9EA2F439-5C3C-4CC5-A09F-71ABF4F3AB84}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A69E688A-D28D-4D8A-92D0-74756BE0349B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0A5FCF11-E7F2-4F81-9F43-71AF4D6374F6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{9D2AAA30-7887-4F75-B937-F8B714C15C8C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7ECB53BC-7C99-47EC-83B1-9E05FC1B6A23}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{97DB5C82-F495-4902-ACD7-510997B2EE11}] => (Allow) D:\StreamTransport\StreamTransport.exe
FirewallRules: [{716BC0D0-1D25-43E9-A230-8EA33CE2D2A5}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{08418CE3-8F62-44A4-8427-9FEBFFE542FB}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{4DB46D3E-89B2-4A48-97DA-D4B31BB69641}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2B73FA99-F875-4992-9F10-37F78CD7C608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{839203F3-6FB1-4A71-A6D8-55A3530559BE}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{931D8042-D7F8-4BAC-AF66-577D7C07848B}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [{24D79C9B-F04D-4DD1-9AC8-DE551E973D29}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{DB568B39-2853-4E83-86ED-072619304E66}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{9BC2BE4F-CBA0-452C-ADB7-C843FAEC4C4B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{58F6E409-1128-40CF-A0B4-CCF101E13DB9}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{8C338048-DB27-4E2D-AB8A-EF82FE816AD8}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{4A2AAC95-CF70-474E-8F42-93ADB0BBACEA}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{2FF460ED-3A3F-42C9-B13C-C4F4BCFCA5FB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9F962D63-AAB8-4A21-9AB1-AAB1E92CD4DF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{7BD7B874-0A59-4FC8-8A51-FCCBEDB68F2B}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9E5E263C-06E1-47A5-A607-570E8913142E}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{AF1BE002-5DF9-49DB-9145-04F4668498F6}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{F4D10470-C05D-491B-BB38-A505DC6CCC69}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{CB0C0078-85B0-4BF4-BBC0-630D2D2202DC}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{59363F5C-D949-438C-8544-4D249C34DC65}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{C70883A0-C343-41E3-B6BD-7D75865A5D5B}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{7A33FBBA-2C4D-4668-9632-DF6FC4552E40}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70753751-3DB1-40ED-8051-0596499DD5B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{E6DDD641-730A-4647-AD3B-E24C9EBCCB4B}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{182BB2E6-6C64-471C-8223-2505E76A5767}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{230FAD66-FB36-4227-A0C8-BF67D7A62877}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{A2D05491-07CD-4924-8153-BC7A29505700}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{DAAF45B6-8A2F-473C-9BB7-04244E6D50CF}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{5B58AC55-CA8F-452E-B796-F9E7DF687BDB}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{547129D6-5A14-46E5-B11B-3F6E0BB6B0A4}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CD4EAC82-11C2-41B7-86B1-5FC4CF7619D2}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{7A2DA5E6-C4A7-4F59-B65D-AC48A61064E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{187A1EF0-5558-447C-ABEE-625AC07A723B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{1EFB4A3A-6113-464D-9528-6EFA205A6E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADFE4FBE-FA82-47D6-BE12-EBA70E0FEABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4698300-FE10-4715-ABB4-759C70195532}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{565E985C-046A-435D-9649-07DF5E0AAC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{120151B5-E836-42AA-A43F-F12932CF806B}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD028901-4F2F-450B-91FE-A8B8511A3286}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E57FF4CC-B1B1-4B8F-BD57-76A4C85D51E4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{6E64CD84-569D-4E8E-A92A-1C23B704609A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{9493AB36-6106-4E5A-8BDF-7EBAC795628B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BF076DB4-D3A7-4E77-AAF4-3839952B55CE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D876D33F-1264-49BE-9A61-B16E46CAF5E6}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC86322E-CB9C-41A2-9B64-10C49211D7DE}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{80AB14D5-B8B1-404B-B0EF-C5A0771A73C4}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{616A93E8-729A-4587-9737-1CCCC073ED67}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{853CB42B-6954-4CB0-A55F-85113F6167D9}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{79697550-E990-4CB2-B1D3-DDD86435FDD1}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{C987FDDC-F65B-449B-BFF2-4FA740BC63A7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{73F40D76-BDD1-4270-82AD-B45115637DA7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{B3907EE7-BC18-4B43-AFF5-F98C05A393B4}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{5D0EC131-F3A2-441C-879B-65985643F81C}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{2F0557AB-20B4-46A3-B1FA-D078CCA96F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2952665-C19C-4084-AFBA-A48D1D4A9B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0839F3-9AAE-466B-845D-9F77E52F6AC2}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{3B7FB2AB-AAF6-4B4D-83CB-B6CBD1D7C406}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [TCP Query User{333F4A8D-430F-4B7E-ADF2-59365C8CF461}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{EB132654-F851-4A98-8A41-0EB2F2AE92C3}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{D86ACBF1-3A3D-4A4D-84CB-5EB369FC731F}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{23BFFDB7-A160-4F4E-B04B-287A8C85404D}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{A072177C-7188-4EB4-9846-1CD55AD8E934}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{87EFAD7E-30EF-4BB3-BD5F-5856BD2137FB}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{767A0D3E-6CDA-4093-A469-3A663F938684}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{616DC7E5-3F34-4A8B-B0FA-6103B60F28FC}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{29D906A8-E74A-4DA3-ACBC-45028C63EA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC24542D-87FB-4406-A45F-253E11FBC154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99A9A41A-755D-43C9-8C04-46EB23AFF018}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14AADFB8-C9E9-45A1-8A3C-41637D7193A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{867181B9-03AF-45B7-8A7F-766A660EB38E}] => (Allow) D:\itunes (1)\iTunes.exe
FirewallRules: [TCP Query User{445EBC5A-5F72-45F8-9CDE-396279860252}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{48A911E9-B5BC-47ED-B564-05B06D084A4B}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{CA96D09B-8060-4B2D-81B8-E34C4152E478}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{315A886A-E2EB-418F-A831-FA16E3DF8731}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50FC1106-9F83-42E5-8EEB-61B864B36071}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{81B05483-E256-4251-B0F4-B14AC17CA6DB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe

==================== Wiederherstellungspunkte =========================

05-06-2016 02:28:06 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/05/2016 11:52:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/05/2016 11:42:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 02:05:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/05/2016 01:55:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 01:28:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/05/2016 01:18:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2016 09:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9033

Error: (06/04/2016 09:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9033

Error: (06/04/2016 09:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2016 09:18:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019


Systemfehler:
=============
Error: (06/05/2016 11:42:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/05/2016 11:41:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2016 01:55:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/05/2016 01:55:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2016 01:18:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/05/2016 01:17:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2016 01:17:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intel(R) Small Business Advantage" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1115

Error: (06/05/2016 01:17:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109

Error: (06/05/2016 01:17:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109

Error: (06/05/2016 01:17:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 8130.21 MB
Verfügbarer physikalischer RAM: 5341.07 MB
Summe virtueller Speicher: 8828.38 MB
Verfügbarer virtueller Speicher: 5716.97 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.69 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:39.8 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1FE31042)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

05.06.2016, 14:16   #8
deeprybka
/// TB trainer
/// Guide guru

What about the proxy entries in Firefox? Can they go?
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.06.2016, 17:11   #9
Deuterium

Yes, they are no longer needed

05.06.2016, 17:18   #10
deeprybka
/// TB trainer
/// Guide guru

Change your online passwords regularly. Accounts are usually hacked online and not via the PC. Once data is on the Internet, there is nothing you can do about it.


Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\Kiwi\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
FF NetworkProxy: 
EmptyTemp:
         
Please save this as Fixlist.txt in the directory that also contains the FRST application.
  • Start FRST and press the "Entfernen" (Fix) button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents.



We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.




Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.



Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be present only in its latest version:

Browser
Java
Flash Player
PDF reader

Vulnerabilities (e.g. here) in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one integrated into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.

My purchase recommendation:



In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, uninstall it first and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards
deeprybka

05.06.2016, 20:35   #11
Deuterium

Here is the content of the Fixlog file

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
durchgeführt von Kiwi (2016-06-05 21:19:52) Run:2
Gestartet von C:\Users\Kiwi\Desktop
Geladene Profile: Kiwi (Verfügbare Profile: Kiwi & Mcx1-KIWI-PC)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\Kiwi\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
FF NetworkProxy: 
EmptyTemp:
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Wert nicht gefunden.
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Wert nicht gefunden.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk => nicht gefunden.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wert nicht gefunden.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Wert nicht gefunden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert nicht gefunden.
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Wert nicht gefunden.
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} => Schlüssel nicht gefunden. 
HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Schlüssel nicht gefunden. 
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert nicht gefunden.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Schlüssel nicht gefunden. 
FF NetworkProxy: => nicht gefunden
EmptyTemp: => 59.7 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:20:24 ====
         
If nothing more shows up, I should be able to access services such as online banking again without worry, right?
And the files that were moved to quarantine after the scan with Malwarebytes will surely also be deleted completely and will not remain on the PC if I uninstall the program?

Otherwise I can only say, thank you very much for the fast and good help

Last edited by Deuterium (05.06.2016 at 20:46)

06.06.2016, 10:36   #12
deeprybka
/// TB trainer
/// Guide guru

Did you like the fix so much that you ran it twice right away, eh?

What MBAM "deleted" were registry entries. Those are not files that can be left behind. Imagine you have a text document and you delete words and then save the file again. The words are gone....

Online banking is always safe, after all, as long as you are careful when entering the TAN.
__________________
Regards
deeprybka
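
The Fixlog posted above is marked Run:2 and reports most of its targets as "nicht gefunden", which is what the remark about running the fix twice refers to. As an added example (not part of the thread and not FRST's own code), this Python parser tallies the result lines of such a log; the category names and the rerun heuristic are assumptions of the example.

```python
import re
from collections import Counter

# Outcome phrases as they appear in the German Fixlog on this page;
# the category names are this example's own labels, not FRST terms.
OUTCOMES = [("restored", "erfolgreich wiederhergestellt"),
            ("closed", "erfolgreich geschlossen"),
            ("removed", "entfernt."),
            ("not_found", "nicht gefunden")]

def parse_fixlog(text):
    """Return (run_number, [(target, outcome), ...]) for one Fixlog."""
    run, results, separators = None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        m = re.search(r"\bRun:(\d+)$", line)
        if m and run is None:
            run = int(m.group(1))
        if line and set(line) == {"*"}:
            separators += 1  # the echoed fixlist sits between two such lines
            continue
        if line.startswith("==== Ende von Fixlog"):
            break
        if separators < 2 or not line:
            continue  # header or echoed fixlist, not a result line
        target, sep, status = line.rpartition(" => ")
        if not sep:  # status-only line, e.g. "Prozess erfolgreich geschlossen."
            target, status = "", line
        outcome = next((n for n, p in OUTCOMES if p in status), "other")
        results.append((target, outcome))
    return run, results

def summarize(text):
    run, results = parse_fixlog(text)
    named = [o for t, o in results if t]  # lines that name a key, value or file
    gone = named.count("not_found")
    # Heuristic assumed by this example: on a repeated run, a majority of
    # "not found" targets means an earlier run already did the work.
    rerun = run is not None and run > 1 and gone * 2 > len(named)
    return {"run": run, "counts": dict(Counter(o for _, o in results)),
            "already_applied": rerun}

# Excerpt of the Fixlog posted in this thread (shortened).
SAMPLE_FIXLOG = r"""
durchgeführt von Kiwi (2016-06-05 21:19:52) Run:2
*****************
HKLM-x32\...\Run: [NPSStartup] => [X]
EmptyTemp:
*****************
Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Wert nicht gefunden.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} => Schlüssel nicht gefunden.
FF NetworkProxy: => nicht gefunden
EmptyTemp: => 59.7 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 21:20:24 ====
"""
```

Calling `summarize(SAMPLE_FIXLOG)` returns the run number, the per-outcome counts and the rerun flag; lines of the echoed fixlist (such as the `=> [X]` entry) are never counted as results.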
