Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an

Deuterium · 03.06.2016, 15:03

Einen guten Tag wünsche ich allen,

ich habe gestern Abend einen Anruf bekommen, dass von meiner E-Mail-Adresse bei Yahoo Spam-Mails verschickt wurden. Als ich nachgeschaut habe, habe ich gesehen, dass die Mail von einer fremden Adresse kam, die aber meinen vollen Namen enthielt und dass zudem Adressen aus meinem Adressbuch verwendet wurden. Bei einem Scan mit Avast wurde mir Win32:Hupigon-ONX als Trojaner angezeigt mit dem Dateinamen C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb

Eine Suche mit dem ESET Online Scanner hat keine Ergebnisse gezeigt, Scans mit AdwCleaner und Anti-Malware haben dagegen relativ viele Ergebnisse gezeigt. Ich bin daher ein bisschen in Sorge, dass sich einige Viren oder sonstige Schadprogramme auf meinem PC befinden. Allerdings wollte ich mich vor dem Löschen erst mal an euch wenden, bevor ich irgendetwas unnötigerweise lösche.

Hier die Logfiles

FRST

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von ***** (Administrator) auf ***** (03-06-2016 11:46:12)
Gestartet von D:\
Geladene Profile: ***** (Verfügbare Profile: ***** & *****)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) D:\itunes (1)\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() Q:\140066.enu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.enu\Office14\OffSpon.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Malwarebytes) D:\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes (1)\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => D:\Quicktime\Plugins\DeleteMe1.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
ShortcutTarget: Audible Download Manager.lnk -> D:\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-1078192431-239819200-2145751044-1000] => http=5.133.176.199:3128
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8CE8708-5C3F-48FF-996E-AFF92665AD4C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {07D56749-CE28-4EAD-98CF-98486A8E78D3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\*****\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-12] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Kein Name -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-12] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  Keine Datei
Toolbar: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Kein Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "212.29.229.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "212.29.229.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "212.29.229.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "198.50.129.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "119.4.115.51"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "198.50.129.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.50.129.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "198.50.129.9"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Modify Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: Video DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DownThemAll! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-05-27] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-06-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-12] (AVAST Software)
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts)
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-12] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation) [Datei ist nicht signiert]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-03] (Malwarebytes)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.) [Datei ist nicht signiert]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-23] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-03 11:46 - 2016-06-03 11:46 - 00000000 ____D C:\FRST
2016-06-03 11:32 - 2016-06-03 11:44 - 00022232 _____ C:\Users\*****\Desktop\mbam.txt
2016-06-03 11:18 - 2016-06-03 11:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 11:18 - 2016-06-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-03 11:17 - 2016-06-03 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-03 11:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-02 21:21 - 2016-06-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16
2016-06-01 21:34 - 2016-06-02 15:15 - 00000000 ____D C:\Users\*****\Documents\Citavi 5
2016-06-01 21:34 - 2016-06-01 21:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-06-01 21:32 - 2016-06-01 21:32 - 00000000 ____D C:\Users\*****\AppData\Local\Downloaded Installations
2016-05-31 18:22 - 2016-05-31 18:22 - 00135152 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Public\CyberLink
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\*****\Documents\CyberLink
2016-05-30 23:40 - 2016-05-30 23:40 - 00000000 ____D C:\Users\*****\AppData\Local\Cyberlink
2016-05-30 23:33 - 2016-06-03 01:50 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-05-30 23:33 - 2016-05-30 23:33 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-05-30 23:30 - 2016-06-03 01:50 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-05-30 23:30 - 2016-05-30 23:41 - 00000000 ____D C:\ProgramData\CyberLink
2016-05-30 23:30 - 2016-05-30 23:30 - 00000000 ____D C:\ProgramData\install_clap
2016-05-26 00:28 - 2016-06-02 20:11 - 00149015 _____ C:\Users\*****\Desktop\2016_06rechnung_5616687642.pdf
2016-05-11 11:35 - 2016-05-11 11:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\com.bby.cinemanowca
2016-05-11 01:18 - 2016-05-15 12:14 - 00000000 ____D C:\Users\*****\Desktop\Rupp 2013

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-03 10:43 - 2015-08-05 14:55 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner (6)
2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-03 10:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 02:18 - 2013-03-25 22:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client
2016-06-03 01:50 - 2012-04-20 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-03 00:08 - 2014-07-30 23:58 - 00000000 ____D C:\ProgramData\Origin
2016-06-02 21:22 - 2013-12-18 02:18 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2016-06-02 21:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 15:35 - 2014-09-10 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-02 00:05 - 2016-05-03 14:14 - 00000000 ____D C:\Users\*****\Desktop\BA-Arbeit Kapitel
2016-06-01 17:04 - 2011-04-12 09:43 - 00701778 _____ C:\Windows\system32\perfh007.dat
2016-06-01 17:04 - 2011-04-12 09:43 - 00150420 _____ C:\Windows\system32\perfc007.dat
2016-06-01 17:04 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-31 22:27 - 2016-01-28 12:27 - 00000000 ____D C:\Users\*****\.gimp-2.8
2016-05-31 18:22 - 2014-01-07 20:51 - 00000000 ____D C:\Users\*****\AppData\Local\gtk-2.0
2016-05-30 16:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-22 11:45 - 2012-09-17 12:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-19 18:40 - 2015-11-06 00:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-18 00:02 - 2016-04-26 13:39 - 00000000 ____D C:\Users\*****\Desktop\Transkripte für BA-Arbeit
2016-05-16 11:14 - 2013-03-11 20:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 11:14 - 2013-03-11 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 14:31 - 2015-11-13 18:50 - 00000000 ____D C:\Users\*****\AppData\Local\Clan_prefs
2016-05-13 01:11 - 2014-12-27 13:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 22:58 - 2014-05-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-09 22:56 - 2015-04-29 12:02 - 00000000 ____D C:\Users\*****\dwhelper
2016-05-09 13:48 - 2015-05-29 22:41 - 00000000 __SHD C:\AI_RecycleBin
2016-05-08 16:56 - 2015-12-26 13:16 - 00000000 ____D C:\Users\*****\AppData\Local\UnrealEngine
2016-05-08 11:45 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-04 00:17 - 2016-04-12 22:56 - 00000000 ____D C:\Users\*****\Desktop\KGS

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-24 00:43 - 2016-03-28 16:51 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2016-05-31 18:22 - 2016-05-31 18:22 - 0135152 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2015-06-07 02:41 - 2015-06-07 02:41 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-06-08 16:27 - 2016-05-15 02:23 - 0002703 _____ () C:\ProgramData\flcd_proxy.log
2013-03-30 00:02 - 2013-03-30 00:14 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-28 00:28

==================== Ende von FRST.txt ============================

Addition

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von ***** (2016-06-03 11:46:36)
Gestartet von D:\
Windows 7 Professional Service Pack 1 (X64) (2012-04-20 15:20:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1078192431-239819200-2145751044-500 - Administrator - Disabled)
Gast (S-1-5-21-1078192431-239819200-2145751044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1078192431-239819200-2145751044-1003 - Limited - Enabled)
***** (S-1-5-21-1078192431-239819200-2145751044-1000 - Administrator - Enabled) => C:\Users\*****
Mcx1-*****-PC (S-1-5-21-1078192431-239819200-2145751044-1001 - Limited - Enabled) => C:\Users\Mcx1-*****-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Access 97rt PAN EURO G (HKLM-x32\...\Access 97rt PAN EURO G) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
CLAN (HKLM-x32\...\{00868CD9-BEB1-4D2C-8307-4AD82C48501A}) (Version: 2.11.00 - CMU)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.42.13482.16 - Electronic Arts)
Fragen-Lern-CD 4.3 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1) (Version: 4.3.5 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.3 (x32 Version: 4.3.5 - Wendel-Verlag GmbH) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel(R) Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Yu-Gi-Oh! The Dawn of a New Era Version 5.0.18.3673 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.0.18.3673 - Kaiba Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0071A13B-6B94-46F2-9FB6-ADE22483D5A5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for *****-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {0CC6A309-3F84-4134-8FFB-9171C1FE2932} - System32\Tasks\{1DBE5654-06A6-4930-B238-0DF98147764A} => pcalua.exe -a C:\Users\*****\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe -c /UNINSTALL PARTNER=10557
Task: {172DF47C-9163-4CC4-AB32-7BB276417631} - System32\Tasks\{45912AD4-8F33-4D8D-9554-A80AA320F031} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {1AE6AEA5-5C3E-4F4B-BC06-6AAD7A21D250} - System32\Tasks\{173E985D-BE0F-4425-BDB3-341AF9AB4146} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {2191EFF0-B8A4-4E70-AB0C-A64B67600B84} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {2585F3CA-5711-4D62-B6F5-A199FED58DC7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2B2EA069-9304-4BDF-AF20-4B017C27CC4C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2B428C53-209C-48C4-A188-624C9CA70FF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C96134A-FC2F-4E4B-9EF9-2700AD0D00E6} - System32\Tasks\{66823191-2EB3-47EC-A19A-02C731EA27C2} => pcalua.exe -a E:\dx7ager.exe -d E:\
Task: {3E76700B-2384-4F18-834F-35983FBB8F26} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-12] (AVAST Software)
Task: {4ABB64DA-07A2-46BD-A64B-3E69D48CEC3E} - System32\Tasks\{8CE18D4A-43FB-4D4B-BD63-0B634CDFAFA1} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4C7DC039-C318-4A43-B7A9-728234D2A737} - System32\Tasks\{AF90126A-79C8-4274-AD4E-38A1B3BDC08D} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {5CEE0A7A-9A24-42B3-A8C4-B264A07E3434} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6672CE13-36D9-4D89-A012-3893126F7B86} - System32\Tasks\{3F24D816-EF75-43E8-9F64-50F1E3DB735E} => pcalua.exe -a C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1\Installer.exe -d C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1
Task: {7466DEB7-CB2E-42E6-8A50-621C46C0643E} - System32\Tasks\{60731E58-7FFB-4725-8A0E-4938AF74C082} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {803F5571-B947-425E-A2A9-40FFBEC293E0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {83CE7615-E7E2-40A5-A872-AC1C004B734C} - System32\Tasks\{79A0981F-23F9-4972-A067-D5910A7DAAE0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {883A3927-A45D-4675-BF91-F2EFFA4ACB36} - System32\Tasks\{3670FBCA-2A3C-470A-B293-977CB288DA46} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {91981B81-7214-48D1-A774-78CBDD928779} - System32\Tasks\{045A154F-0301-4AE9-858C-C7E12566F748} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {99519820-DA6F-4713-802E-8FF328DFC9A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A5ED77AC-6AED-406F-9953-2B16D36EB5F3} - System32\Tasks\{EE93492B-829F-46B8-8BA2-7225EA8C38FE} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {AB7F177B-533D-4559-A658-B5260C43D430} - System32\Tasks\{05376299-63E3-40B4-B000-3BAC939D67C1} => pcalua.exe -a C:\Users\*****\Desktop\epson375890eu.exe -d C:\Users\*****\Desktop
Task: {BA07FC55-F1EB-4D5A-8725-902184DD8A13} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCAB8935-3339-458D-8B1B-0C0E79442CB0} - System32\Tasks\{B1D11270-DC0A-443F-A2C2-7886CB6545AC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {C04C3B6E-DB4A-4790-9455-7A5DB41505BC} - System32\Tasks\{5877E4B1-A854-461D-A464-83E4E03E4047} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {C515F816-D0D4-48C2-81DE-84D0EAB44AC6} - System32\Tasks\{87B8B25C-F246-4C50-A323-E5115EC007AB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {D2100B8D-CFCF-4F46-B4C7-38B6BF8FF944} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe 
Task: {D31D2427-00AE-4BC4-8DF4-2F9F421DDFBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB898384-D1F3-4649-9244-0A6C28D7214B} - System32\Tasks\{C4C55CCC-9DBF-451F-B551-657EA06F68C0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {DC416041-539F-4378-B0DE-9585A0443A5A} - System32\Tasks\{D3869556-B4D2-45ED-9BB6-9B033BF40786} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E69AC183-3C16-4AB6-BE2C-67EEFE889F79} - System32\Tasks\{8FE250CF-A532-4D2A-89E2-D971EBC570C8} => pcalua.exe -a C:\Users\*****\Desktop\epson29817eu.exe -d C:\Users\*****\Desktop
Task: {E88DA03D-B7F8-4978-9C38-D24035CD37F9} - System32\Tasks\{6E7BB2E2-DB0B-46AD-A7FD-CD4EBAE55CA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/de/abandoninstall?page=tsProgressBar
Task: {EB234CD3-AE7B-4C04-BA18-B6510C3CA55B} - System32\Tasks\{BCDD38EF-0904-43CC-B055-D9F7168A70CD} => D:\StreamTransport\StreamTransport.exe
Task: {F2679F97-D496-4E85-BCBD-70F9956D2763} - System32\Tasks\{B08A6FA7-7E3B-4CDF-8D07-44CDA2804BD1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {F560CC06-3682-441B-A3E7-77352D1C586D} - System32\Tasks\{78685E25-AE26-47B9-BD42-866A20EDC10B} => pcalua.exe -a C:\Users\*****\Downloads\streaming_optimizer_setup.exe -d C:\Users\*****\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-02 11:15 - 2016-06-02 11:15 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16060200\algo.dll
2016-04-14 18:04 - 2016-04-14 18:04 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2016-01-15 13:06 - 2016-01-15 13:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-04-20 17:58 - 2012-02-21 06:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2016-05-16 11:14 - 2016-05-16 11:14 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94298785-BBE7-4803-9808-176D43C4E216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9688D9CD-38B3-4C6C-85A2-93D8171E3856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A6853C33-7D72-4FBC-8627-2A87A55919CA}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [UDP Query User{E0A83EAB-E379-46B6-827E-F0CB77D07E10}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [TCP Query User{01277258-7A3B-4271-9FE7-D4C8607EFA3C}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{05AF7882-6A87-4B7F-985A-466333B07AC9}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [TCP Query User{D4FD44CC-6F86-465D-9660-EE25780533C4}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [UDP Query User{F5DB8AF0-02B2-47B5-B66A-FD4CD46F78C6}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [TCP Query User{ABDBE795-B056-45E6-9256-94B5C1A48326}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{6B65D548-037A-4A83-8228-4BE7B053A9CC}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{4A90897E-CD4A-4603-A076-2F7603EC17D8}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{8F60A005-04AB-475E-A786-8BFE92808589}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [TCP Query User{49375053-5C68-432F-9781-AC33999F0008}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{4AD3975C-C6E2-4052-AC09-49C919E916C0}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{76CCD08E-FDC4-45B3-BBE4-7F35660D2830}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6177E29A-7E97-423E-9E31-7D391AC1DB6F}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{AF591D2A-0520-4C36-93B3-14AEDAF3A549}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F983E86F-E76F-4B3D-A004-ACA22CB80938}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{9E4C7613-42CC-4CE2-A645-F2BF96921709}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{30B4081A-2283-41D8-9FBB-B08E8024C881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{36FD5D36-DF53-4F09-9EDD-152F3F4BA620}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{09310F29-FC7C-4CB4-AB3C-5CA3164757C9}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{EB6E2773-E0F1-4B00-9466-22FB253C88ED}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E34E6481-9AD7-43AC-AD41-2D8092EDD9CB}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{B6D4044F-D5C8-4087-9B41-7C656EFD9149}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FD68BD03-E04C-4AF5-AEEE-5DAB69C75FB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C43B7741-5F17-4FBD-BD41-891C55C5ACAD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E59ABD5C-70B2-4F9C-9BB8-B01DBD44F9EF}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [UDP Query User{98E8DCE4-788A-4E6B-93D6-5579ED579B1E}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{E71AEEB1-01BD-41AA-8F36-CFF524807B0C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A8BDF807-1C34-419B-A7F5-0D1075FD766C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DF9C7B38-72C8-4905-BF17-15E3D33793AC}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0394E352-ADD2-4B0C-B227-441231BCE97D}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [{8DC61941-EEDE-4959-9AA0-EAD07FDC4DE9}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7D198C55-19F3-4229-8FD4-E8894F94A13D}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F74C777F-9F65-4418-9779-CBFA100AE30E}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{98DFE08A-1684-455A-A9A4-6264C9E3F784}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{77167C1C-9004-42E2-9BA7-1FBC770B7E89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C324AD62-C264-434E-AD50-8685C9A654C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{46242EFF-72ED-474C-A15E-17507B313216}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFD8F70A-D886-49EE-BDA7-ECAB1088734E}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [UDP Query User{5D149EAF-08DC-4881-953D-68177630FAE6}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [{98C691AC-BCA1-43BD-9DF9-86705F0542F8}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{64A1F775-9F00-4698-BB1C-30234E5E4C75}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{2FF169A4-6B8B-47B4-8724-AE2FCC1B5015}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{F35D6A8D-B3A8-4C01-8956-EBA0A2DF5B1B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{C93155AD-0155-461F-9200-3B8A9E14577B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF829D10-FEE8-4A39-895B-5A270CB8193F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{556741C3-6B18-407D-A36B-2E33091DB2CD}] => (Allow) D:\npsasvr.exe
FirewallRules: [{E36BC25E-DAF0-4A7E-89B8-6EEB3D37F4C7}] => (Allow) D:\npsasvr.exe
FirewallRules: [{4068BB2E-1E2B-4B35-A5F3-830CC0C31A87}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{06CE6F3F-592D-40F3-9352-212C5AF4B359}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{9EA2F439-5C3C-4CC5-A09F-71ABF4F3AB84}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A69E688A-D28D-4D8A-92D0-74756BE0349B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0A5FCF11-E7F2-4F81-9F43-71AF4D6374F6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{9D2AAA30-7887-4F75-B937-F8B714C15C8C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7ECB53BC-7C99-47EC-83B1-9E05FC1B6A23}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{97DB5C82-F495-4902-ACD7-510997B2EE11}] => (Allow) D:\StreamTransport\StreamTransport.exe
FirewallRules: [{716BC0D0-1D25-43E9-A230-8EA33CE2D2A5}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{08418CE3-8F62-44A4-8427-9FEBFFE542FB}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{4DB46D3E-89B2-4A48-97DA-D4B31BB69641}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2B73FA99-F875-4992-9F10-37F78CD7C608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{839203F3-6FB1-4A71-A6D8-55A3530559BE}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{931D8042-D7F8-4BAC-AF66-577D7C07848B}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [{24D79C9B-F04D-4DD1-9AC8-DE551E973D29}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{DB568B39-2853-4E83-86ED-072619304E66}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{9BC2BE4F-CBA0-452C-ADB7-C843FAEC4C4B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{58F6E409-1128-40CF-A0B4-CCF101E13DB9}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{8C338048-DB27-4E2D-AB8A-EF82FE816AD8}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{4A2AAC95-CF70-474E-8F42-93ADB0BBACEA}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{2FF460ED-3A3F-42C9-B13C-C4F4BCFCA5FB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9F962D63-AAB8-4A21-9AB1-AAB1E92CD4DF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{7BD7B874-0A59-4FC8-8A51-FCCBEDB68F2B}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9E5E263C-06E1-47A5-A607-570E8913142E}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{AF1BE002-5DF9-49DB-9145-04F4668498F6}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{F4D10470-C05D-491B-BB38-A505DC6CCC69}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{CB0C0078-85B0-4BF4-BBC0-630D2D2202DC}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{59363F5C-D949-438C-8544-4D249C34DC65}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{C70883A0-C343-41E3-B6BD-7D75865A5D5B}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{7A33FBBA-2C4D-4668-9632-DF6FC4552E40}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70753751-3DB1-40ED-8051-0596499DD5B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{E6DDD641-730A-4647-AD3B-E24C9EBCCB4B}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{182BB2E6-6C64-471C-8223-2505E76A5767}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{230FAD66-FB36-4227-A0C8-BF67D7A62877}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{A2D05491-07CD-4924-8153-BC7A29505700}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{DAAF45B6-8A2F-473C-9BB7-04244E6D50CF}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{5B58AC55-CA8F-452E-B796-F9E7DF687BDB}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{547129D6-5A14-46E5-B11B-3F6E0BB6B0A4}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CD4EAC82-11C2-41B7-86B1-5FC4CF7619D2}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{7A2DA5E6-C4A7-4F59-B65D-AC48A61064E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{187A1EF0-5558-447C-ABEE-625AC07A723B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{1EFB4A3A-6113-464D-9528-6EFA205A6E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADFE4FBE-FA82-47D6-BE12-EBA70E0FEABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4698300-FE10-4715-ABB4-759C70195532}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{565E985C-046A-435D-9649-07DF5E0AAC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{120151B5-E836-42AA-A43F-F12932CF806B}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD028901-4F2F-450B-91FE-A8B8511A3286}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E57FF4CC-B1B1-4B8F-BD57-76A4C85D51E4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{6E64CD84-569D-4E8E-A92A-1C23B704609A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{9493AB36-6106-4E5A-8BDF-7EBAC795628B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BF076DB4-D3A7-4E77-AAF4-3839952B55CE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D876D33F-1264-49BE-9A61-B16E46CAF5E6}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC86322E-CB9C-41A2-9B64-10C49211D7DE}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{80AB14D5-B8B1-404B-B0EF-C5A0771A73C4}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{616A93E8-729A-4587-9737-1CCCC073ED67}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{853CB42B-6954-4CB0-A55F-85113F6167D9}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{79697550-E990-4CB2-B1D3-DDD86435FDD1}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{C987FDDC-F65B-449B-BFF2-4FA740BC63A7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{73F40D76-BDD1-4270-82AD-B45115637DA7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{B3907EE7-BC18-4B43-AFF5-F98C05A393B4}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{5D0EC131-F3A2-441C-879B-65985643F81C}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{2F0557AB-20B4-46A3-B1FA-D078CCA96F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2952665-C19C-4084-AFBA-A48D1D4A9B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0839F3-9AAE-466B-845D-9F77E52F6AC2}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{3B7FB2AB-AAF6-4B4D-83CB-B6CBD1D7C406}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [TCP Query User{333F4A8D-430F-4B7E-ADF2-59365C8CF461}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{EB132654-F851-4A98-8A41-0EB2F2AE92C3}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{D86ACBF1-3A3D-4A4D-84CB-5EB369FC731F}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{23BFFDB7-A160-4F4E-B04B-287A8C85404D}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{A072177C-7188-4EB4-9846-1CD55AD8E934}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{87EFAD7E-30EF-4BB3-BD5F-5856BD2137FB}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{767A0D3E-6CDA-4093-A469-3A663F938684}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{616DC7E5-3F34-4A8B-B0FA-6103B60F28FC}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{29D906A8-E74A-4DA3-ACBC-45028C63EA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC24542D-87FB-4406-A45F-253E11FBC154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99A9A41A-755D-43C9-8C04-46EB23AFF018}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14AADFB8-C9E9-45A1-8A3C-41637D7193A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{867181B9-03AF-45B7-8A7F-766A660EB38E}] => (Allow) D:\itunes (1)\iTunes.exe
FirewallRules: [TCP Query User{445EBC5A-5F72-45F8-9CDE-396279860252}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{48A911E9-B5BC-47ED-B564-05B06D084A4B}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{CA96D09B-8060-4B2D-81B8-E34C4152E478}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{315A886A-E2EB-418F-A831-FA16E3DF8731}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50FC1106-9F83-42E5-8EEB-61B864B36071}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{81B05483-E256-4251-B0F4-B14AC17CA6DB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe

==================== Wiederherstellungspunkte =========================

03-06-2016 11:43:57 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/03/2016 10:27:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/03/2016 10:17:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 09:51:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/02/2016 09:41:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2016 05:14:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.42.16.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7d0

Startzeit: 01d1bcca1f38bce6

Endzeit: 27

Anwendungspfad: D:\steam\Steam.exe

Berichts-ID: a546ba08-28d4-11e6-b68b-00059a3c7a00

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 11:25:58 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.


Systemfehler:
=============
Error: (06/03/2016 10:17:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/03/2016 10:16:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 09:41:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/02/2016 09:38:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 08:41:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 01:17:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 11:15:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/02/2016 11:14:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/01/2016 01:09:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/01/2016 11:32:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8130.21 MB
Verfügbarer physikalischer RAM: 4700.46 MB
Summe virtueller Speicher: 8930.34 MB
Verfügbarer virtueller Speicher: 5280.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.08 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:39.64 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1FE31042)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Malwarebytes Anti-Malware

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.06.2016
Suchlaufzeit: 11:19
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.03.01
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337625
Abgelaufene Zeit: 10 Min., 14 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 96
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [7419ef097c1de94d0445038be61d47b9], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0885f503e4b5c076e16a1b7302019b65], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [632a2fc9aeebb97dd772ef9fca39e11f], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [b6d79563f5a413239caf2d6138cbcf31], 
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [46471cdc1683e0563386217bba492ad6], 
PUP.Optional.InstallCore, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\InstallCore, , [d2bb1fd9841551e564bce1b1d52e5ca4], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [a1ec758332671422d96dd1bdb54e946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [abe28573a0f9ce68c1863f4fcb38966a], 
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}, , [c4c9aa4ea4f59b9b329acdd6927150b0], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0c81c0389bfe43f359eecdc1de252ed2], 

Registrierungswerte: 30
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, , [1c714cac6633d561343ba2da3fc37f81]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [17767c7c7f1ac76f313ebfbd986aed13], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [0885f503e4b5c076e16a1b7302019b65]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [b6d732c66c2d251119323d514ab943bd]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [45487781c6d3f04643089df1c93a6997]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [6d208573693096a053f8c4ca62a1ee12]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [94f9c5330c8d3ff77fcc1c721ae9a55b]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [2e5f46b2a0f9b185a7a4d4ba6f94cc34]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [fd90c533bddcb97d0d3edfaf857e0cf4]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [b6d79563f5a413239caf2d6138cbcf31]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [008d1fd925743ff777d4018d46bdb24e]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [187528d0fe9b49edba910c82d231946c]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [2766ec0c6d2c3df90a414846798a20e0]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [fc917e7a03962e0860eb3658a3600ff1]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [1c71c038e4b5f640a1aac3cb05fee818]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [8607c0384851211545065f2f20e3c43c]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [abe28573a0f9ce68c1863f4fcb38966a]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [335a1ddb8019f73fb88f4d41a261aa56]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [385536c29009e353ef5835595ea5cc34]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1c718078ddbcfe3865e2137b808352ae]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [f89515e31f7a330379ce1876dd269d63]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [1a730aee1881b4820047f39be221f30d]
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}|OSDFileURL, file:///C:/Users/*****/AppData/Local/TNT2/Profiles/10557/yah10557.xml, , [c4c9aa4ea4f59b9b329acdd6927150b0]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [0c81c0389bfe43f359eecdc1de252ed2]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [6825e0181782b87e88bfb4dab94a2dd3]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1677c434910843f3b5926a24a16213ed]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [7d100deb1c7dd95d2b1c820c17ec926e]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [8c0124d44c4d93a3d374bad4ae558d73]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [67263bbdd3c6e74fcf78a7e717ecb050]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [8b022ecabddca096a2a5cdc144bf837d]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

AdwCleaner

Code:

ATTFilter

# AdwCleaner v5.119 - Bericht erstellt am 03/06/2016 um 14:02:03
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-05-30.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : ***** - *****PC
# Gestartet von : D:\AdwCleaner_5.119.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

Ordner gefunden : C:\ProgramData\9768c88e73e60ecb
Ordner gefunden : C:\ProgramData\Application Data\9768c88e73e60ecb
Ordner gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner gefunden : C:\Program Files (x86)\Common Files\Tobit
Ordner gefunden : C:\Users\*****\AppData\Roaming\GrabPro
Ordner gefunden : C:\Users\*****\AppData\Roaming\ProgSense
Ordner gefunden : C:\Users\*****\AppData\Local\CrashRpt

***** [ Dateien ] *****

Datei gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\invalidprefs.js

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\f
Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Wert gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Schlüssel gefunden : HKCU\Software\APN PIP
Schlüssel gefunden : HKCU\Software\Conduit
Schlüssel gefunden : HKCU\Software\InstallCore
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKCU\Software\ProgSense
Schlüssel gefunden : HKCU\Software\UpToDown
Schlüssel gefunden : HKCU\Software\Yahoo\Companion
Schlüssel gefunden : HKCU\Software\Yahoo\YFriendsBar
Schlüssel gefunden : HKCU\Software\delta
Schlüssel gefunden : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Schlüssel gefunden : HKLM\SOFTWARE\Yahoo\Companion
Schlüssel gefunden : HKLM\SOFTWARE\systweak
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\APN PIP
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Conduit
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\InstallCore
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\ProgSense
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\UpToDown
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\Companion
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\YFriendsBar
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\delta
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\AppDataLow\Software\Yahoo\Companion
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Daten gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd

***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [10784 Bytes] - [03/06/2016 14:00:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [10688 Bytes] - [03/06/2016 14:02:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10762 Bytes] ##########

deeprybka · 04.06.2016, 17:18

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Deuterium · 04.06.2016, 18:00

Hallo Jürgen,

hier ist das Logfile von TDSSKiller

Code:

ATTFilter

18:46:19.0643 0x27bc  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:46:22.0774 0x27bc  ============================================================
18:46:22.0774 0x27bc  Current date / time: 2016/06/04 18:46:22.0774
18:46:22.0774 0x27bc  SystemInfo:
18:46:22.0774 0x27bc  
18:46:22.0774 0x27bc  OS Version: 6.1.7601 ServicePack: 1.0
18:46:22.0774 0x27bc  Product type: Workstation
18:46:22.0774 0x27bc  ComputerName: KIWIPC
18:46:22.0774 0x27bc  UserName: Kiwi
18:46:22.0774 0x27bc  Windows directory: C:\Windows
18:46:22.0774 0x27bc  System windows directory: C:\Windows
18:46:22.0774 0x27bc  Running under WOW64
18:46:22.0774 0x27bc  Processor architecture: Intel x64
18:46:22.0774 0x27bc  Number of processors: 4
18:46:22.0774 0x27bc  Page size: 0x1000
18:46:22.0774 0x27bc  Boot type: Normal boot
18:46:22.0774 0x27bc  ============================================================
18:46:23.0918 0x27bc  KLMD registered as C:\Windows\system32\drivers\07256082.sys
18:46:24.0294 0x27bc  System UUID: {19F6A90A-D270-EDA4-C874-0D5EEE50AE3E}
18:46:24.0695 0x27bc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:24.0710 0x27bc  ============================================================
18:46:24.0710 0x27bc  \Device\Harddisk0\DR0:
18:46:24.0711 0x27bc  MBR partitions:
18:46:24.0711 0x27bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:24.0711 0x27bc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6401000
18:46:24.0711 0x27bc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6433800, BlocksNum 0x33F52000
18:46:24.0711 0x27bc  ============================================================
18:46:24.0749 0x27bc  C: <-> \Device\Harddisk0\DR0\Partition2
18:46:24.0827 0x27bc  D: <-> \Device\Harddisk0\DR0\Partition3
18:46:24.0828 0x27bc  ============================================================
18:46:24.0828 0x27bc  Initialize success
18:46:24.0828 0x27bc  ============================================================
18:48:04.0171 0x2e80  ============================================================
18:48:04.0171 0x2e80  Scan started
18:48:04.0171 0x2e80  Mode: Manual; SigCheck; TDLFS; 
18:48:04.0171 0x2e80  ============================================================
18:48:04.0171 0x2e80  KSN ping started
18:48:06.0556 0x2e80  KSN ping finished: true
18:48:07.0159 0x2e80  ================ Scan system memory ========================
18:48:07.0159 0x2e80  System memory - ok
18:48:07.0159 0x2e80  ================ Scan services =============================
18:48:07.0319 0x2e80  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:48:07.0393 0x2e80  1394ohci - ok
18:48:07.0418 0x2e80  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:48:07.0442 0x2e80  ACPI - ok
18:48:07.0445 0x2e80  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:48:07.0470 0x2e80  AcpiPmi - ok
18:48:07.0559 0x2e80  [ AAA8E68E685DB1B68747E3DF68F96368, 1A5BE239B2D0C6F727303A98CFFC91070B6A05ECD6B9CD05AB326AC1910ECEBF ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
18:48:07.0594 0x2e80  acsock - ok
18:48:07.0733 0x2e80  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:07.0751 0x2e80  AdobeARMservice - ok
18:48:07.0789 0x2e80  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:48:07.0828 0x2e80  adp94xx - ok
18:48:07.0876 0x2e80  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:48:07.0908 0x2e80  adpahci - ok
18:48:07.0914 0x2e80  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:48:07.0934 0x2e80  adpu320 - ok
18:48:07.0958 0x2e80  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:48:08.0054 0x2e80  AeLookupSvc - ok
18:48:08.0107 0x2e80  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:48:08.0158 0x2e80  AFD - ok
18:48:08.0176 0x2e80  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:48:08.0192 0x2e80  agp440 - ok
18:48:08.0212 0x2e80  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:48:08.0241 0x2e80  ALG - ok
18:48:08.0269 0x2e80  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:48:08.0284 0x2e80  aliide - ok
18:48:08.0362 0x2e80  [ 606C8F129FE18D6E3EA2FD542D43D72D, 1BDB9B1C3C8345429FFF25189DCA16F4174F29B5C5DFD5AEB5C277CD4E6EBCA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:48:08.0431 0x2e80  AMD External Events Utility - ok
18:48:08.0460 0x2e80  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:48:08.0487 0x2e80  amdide - ok
18:48:08.0506 0x2e80  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:48:08.0551 0x2e80  AmdK8 - ok
18:48:08.0554 0x2e80  amdkmdag - ok
18:48:08.0602 0x2e80  [ C0C27A1094F6EA978FB2CAACFDE0E594, 9B481D55ED3D55A975CB1EB32DD0DB9AD032D592585A5799F81918EFB7843AAE ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:48:08.0651 0x2e80  amdkmdap - ok
18:48:08.0654 0x2e80  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:48:08.0680 0x2e80  AmdPPM - ok
18:48:08.0707 0x2e80  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:48:08.0724 0x2e80  amdsata - ok
18:48:08.0745 0x2e80  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:48:08.0765 0x2e80  amdsbs - ok
18:48:08.0777 0x2e80  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:48:08.0791 0x2e80  amdxata - ok
18:48:08.0815 0x2e80  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:48:08.0852 0x2e80  AppID - ok
18:48:08.0875 0x2e80  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:48:08.0901 0x2e80  AppIDSvc - ok
18:48:08.0934 0x2e80  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:48:08.0952 0x2e80  Appinfo - ok
18:48:09.0050 0x2e80  [ 3B3774C868868257533EC7E715BB6D53, 4AF1DADCEDBD80BE6EDEC696DF59E65B51D31E33F4C84413CA03C7BD959FF4E5 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:48:09.0069 0x2e80  Apple Mobile Device Service - ok
18:48:09.0112 0x2e80  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:48:09.0149 0x2e80  AppMgmt - ok
18:48:09.0158 0x2e80  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:48:09.0178 0x2e80  arc - ok
18:48:09.0197 0x2e80  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:48:09.0218 0x2e80  arcsas - ok
18:48:09.0416 0x2e80  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:48:09.0437 0x2e80  aspnet_state - ok
18:48:09.0528 0x2e80  [ 7E66DFE6B62C6C34FD6B09DB6169E9F6, BCE908BBF35FD9471018BFC9DCE357529F558693692FF51DA868024F7FD0E868 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
18:48:09.0558 0x2e80  aswHwid - ok
18:48:09.0599 0x2e80  [ AECE9E699CAC76DC993BB988652B5AD8, 76DB04A9CA1D2EED9EB50F9D23197B02E9D42D96BF1C239C9EE5FA9CCA36F85A ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
18:48:09.0623 0x2e80  aswKbd - ok
18:48:09.0666 0x2e80  [ 1459AAD5C6A66A458C2D57EE6E080FA5, 6A3D6EBCE1EDCFE307DF915CB0C3183668848BCEAA71EA58AB0F4F650F8EABDA ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:48:09.0683 0x2e80  aswMonFlt - ok
18:48:09.0730 0x2e80  [ 0866D5FE02D614501B7B4AD5E1BC7B53, C34B4AF64DA9592EADC070C7A384070D564DCE3412337F671932A4818D8E12E8 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:48:09.0747 0x2e80  aswRdr - ok
18:48:09.0806 0x2e80  [ 0AA12ADF5F87B4A70BDBAED77F54B978, 2C33F656EC2E51493A40FF32A5C934E209CF1475A8B0F3573396E97F8A10A76A ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:48:09.0834 0x2e80  aswRvrt - ok
18:48:09.0917 0x2e80  [ 719B704109B933D819093CDDB156A7F1, 3FF75BFA8BBE5C4A817C8166BAD73B1E3C5609D6A1F0AE85B166E30DE61EB901 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:48:09.0962 0x2e80  aswSnx - ok
18:48:10.0061 0x2e80  [ 43F46E7D103F46EC345B1056BDD2A60B, 6F8D844F3EBFDC56A319758C88B2C87FBDE185E5B1E08F8627F29158F190DBFF ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:48:10.0104 0x2e80  aswSP - ok
18:48:10.0143 0x2e80  [ 219D0E2348629FAE4E6E3478C21B23D6, 3545F59A966F31CE949596629217FD4D7119162411073D4D811575620728AC68 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:48:10.0155 0x2e80  aswStm - ok
18:48:10.0220 0x2e80  [ 9949BBD5BB70C4D317B7549896132579, DD92AAD8530C04365C24BD540C909FBDCFC92B18CB6ABB0E655F360EBC4DCD1E ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:48:10.0256 0x2e80  aswVmm - ok
18:48:10.0272 0x2e80  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:10.0314 0x2e80  AsyncMac - ok
18:48:10.0342 0x2e80  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:48:10.0356 0x2e80  atapi - ok
18:48:10.0392 0x2e80  [ F270AFC3848C54C67E3BFB892CE9B9C6, BF5F087D2677E8D75DB34335B54496A3C3AFBCE5A019C52B9EB2B1D19A0803B1 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:48:10.0433 0x2e80  AtiHDAudioService - ok
18:48:10.0468 0x2e80  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:48:10.0523 0x2e80  AudioEndpointBuilder - ok
18:48:10.0537 0x2e80  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:48:10.0575 0x2e80  AudioSrv - ok
18:48:10.0662 0x2e80  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:48:10.0688 0x2e80  avast! Antivirus - ok
18:48:10.0707 0x2e80  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:48:10.0755 0x2e80  AxInstSV - ok
18:48:10.0779 0x2e80  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:48:10.0825 0x2e80  b06bdrv - ok
18:48:10.0846 0x2e80  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:48:10.0888 0x2e80  b57nd60a - ok
18:48:10.0940 0x2e80  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:48:10.0969 0x2e80  BDESVC - ok
18:48:10.0980 0x2e80  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:48:11.0013 0x2e80  Beep - ok
18:48:11.0093 0x2e80  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:48:11.0166 0x2e80  BFE - ok
18:48:11.0207 0x2e80  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:48:11.0274 0x2e80  BITS - ok
18:48:11.0300 0x2e80  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:48:11.0322 0x2e80  blbdrive - ok
18:48:11.0420 0x2e80  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:48:11.0439 0x2e80  Bonjour Service - ok
18:48:11.0471 0x2e80  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:48:11.0511 0x2e80  bowser - ok
18:48:11.0526 0x2e80  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:48:11.0553 0x2e80  BrFiltLo - ok
18:48:11.0566 0x2e80  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:48:11.0585 0x2e80  BrFiltUp - ok
18:48:11.0625 0x2e80  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:48:11.0643 0x2e80  Browser - ok
18:48:11.0655 0x2e80  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:48:11.0694 0x2e80  Brserid - ok
18:48:11.0704 0x2e80  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:48:11.0728 0x2e80  BrSerWdm - ok
18:48:11.0734 0x2e80  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:48:11.0757 0x2e80  BrUsbMdm - ok
18:48:11.0759 0x2e80  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:48:11.0782 0x2e80  BrUsbSer - ok
18:48:11.0794 0x2e80  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:48:11.0818 0x2e80  BTHMODEM - ok
18:48:11.0850 0x2e80  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:48:11.0878 0x2e80  bthserv - ok
18:48:11.0891 0x2e80  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:48:11.0936 0x2e80  cdfs - ok
18:48:11.0952 0x2e80  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:48:11.0973 0x2e80  cdrom - ok
18:48:12.0017 0x2e80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:48:12.0060 0x2e80  CertPropSvc - ok
18:48:12.0070 0x2e80  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:48:12.0092 0x2e80  circlass - ok
18:48:12.0122 0x2e80  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
18:48:12.0150 0x2e80  CLFS - ok
18:48:12.0201 0x2e80  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:12.0218 0x2e80  clr_optimization_v2.0.50727_32 - ok
18:48:12.0230 0x2e80  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:48:12.0240 0x2e80  clr_optimization_v2.0.50727_64 - ok
18:48:12.0337 0x2e80  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:48:12.0358 0x2e80  clr_optimization_v4.0.30319_32 - ok
18:48:12.0395 0x2e80  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:48:12.0415 0x2e80  clr_optimization_v4.0.30319_64 - ok
18:48:12.0437 0x2e80  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:48:12.0476 0x2e80  CmBatt - ok
18:48:12.0497 0x2e80  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:48:12.0524 0x2e80  cmdide - ok
18:48:12.0579 0x2e80  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:48:12.0617 0x2e80  CNG - ok
18:48:12.0631 0x2e80  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:48:12.0646 0x2e80  Compbatt - ok
18:48:12.0665 0x2e80  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:48:12.0707 0x2e80  CompositeBus - ok
18:48:12.0718 0x2e80  COMSysApp - ok
18:48:12.0730 0x2e80  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:48:12.0753 0x2e80  crcdisk - ok
18:48:12.0783 0x2e80  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:48:12.0823 0x2e80  CryptSvc - ok
18:48:12.0857 0x2e80  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
18:48:12.0906 0x2e80  CSC - ok
18:48:12.0931 0x2e80  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
18:48:12.0968 0x2e80  CscService - ok
18:48:13.0081 0x2e80  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:48:13.0111 0x2e80  cvhsvc - ok
18:48:13.0153 0x2e80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:48:13.0197 0x2e80  DcomLaunch - ok
18:48:13.0216 0x2e80  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:48:13.0258 0x2e80  defragsvc - ok
18:48:13.0277 0x2e80  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:48:13.0319 0x2e80  DfsC - ok
18:48:13.0342 0x2e80  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:48:13.0378 0x2e80  Dhcp - ok
18:48:13.0404 0x2e80  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:48:13.0444 0x2e80  discache - ok
18:48:13.0464 0x2e80  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:48:13.0480 0x2e80  Disk - ok
18:48:13.0503 0x2e80  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:48:13.0538 0x2e80  dmvsc - ok
18:48:13.0571 0x2e80  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:48:13.0606 0x2e80  Dnscache - ok
18:48:13.0628 0x2e80  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:48:13.0667 0x2e80  dot3svc - ok
18:48:13.0685 0x2e80  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:48:13.0725 0x2e80  DPS - ok
18:48:13.0757 0x2e80  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:48:13.0806 0x2e80  drmkaud - ok
18:48:13.0862 0x2e80  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:48:13.0907 0x2e80  DXGKrnl - ok
18:48:13.0916 0x2e80  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:48:13.0956 0x2e80  EapHost - ok
18:48:14.0059 0x2e80  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:48:14.0193 0x2e80  ebdrv - ok
18:48:14.0231 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
18:48:14.0264 0x2e80  EFS - ok
18:48:14.0323 0x2e80  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:48:14.0366 0x2e80  ehRecvr - ok
18:48:14.0384 0x2e80  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:48:14.0403 0x2e80  ehSched - ok
18:48:14.0441 0x2e80  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:48:14.0471 0x2e80  elxstor - ok
18:48:14.0477 0x2e80  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:48:14.0504 0x2e80  ErrDev - ok
18:48:14.0527 0x2e80  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:48:14.0571 0x2e80  EventSystem - ok
18:48:14.0602 0x2e80  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:48:14.0641 0x2e80  exfat - ok
18:48:14.0660 0x2e80  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:48:14.0703 0x2e80  fastfat - ok
18:48:14.0732 0x2e80  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:48:14.0769 0x2e80  Fax - ok
18:48:14.0778 0x2e80  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:48:14.0805 0x2e80  fdc - ok
18:48:14.0815 0x2e80  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:48:14.0842 0x2e80  fdPHost - ok
18:48:14.0854 0x2e80  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:48:14.0880 0x2e80  FDResPub - ok
18:48:14.0913 0x2e80  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:48:14.0929 0x2e80  FileInfo - ok
18:48:14.0936 0x2e80  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:48:14.0979 0x2e80  Filetrace - ok
18:48:14.0990 0x2e80  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:48:15.0007 0x2e80  flpydisk - ok
18:48:15.0020 0x2e80  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:48:15.0042 0x2e80  FltMgr - ok
18:48:15.0113 0x2e80  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:48:15.0178 0x2e80  FontCache - ok
18:48:15.0228 0x2e80  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:48:15.0236 0x2e80  FontCache3.0.0.0 - ok
18:48:15.0257 0x2e80  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:48:15.0273 0x2e80  FsDepends - ok
18:48:15.0311 0x2e80  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:48:15.0325 0x2e80  Fs_Rec - ok
18:48:15.0357 0x2e80  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:48:15.0380 0x2e80  fvevol - ok
18:48:15.0403 0x2e80  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:48:15.0420 0x2e80  gagp30kx - ok
18:48:15.0454 0x2e80  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:48:15.0468 0x2e80  GEARAspiWDM - ok
18:48:15.0510 0x2e80  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:48:15.0553 0x2e80  gpsvc - ok
18:48:15.0571 0x2e80  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:48:15.0600 0x2e80  hcw85cir - ok
18:48:15.0621 0x2e80  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:48:15.0661 0x2e80  HdAudAddService - ok
18:48:15.0689 0x2e80  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:48:15.0723 0x2e80  HDAudBus - ok
18:48:15.0728 0x2e80  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:48:15.0754 0x2e80  HidBatt - ok
18:48:15.0765 0x2e80  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:48:15.0786 0x2e80  HidBth - ok
18:48:15.0793 0x2e80  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:48:15.0812 0x2e80  HidIr - ok
18:48:15.0834 0x2e80  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:48:15.0862 0x2e80  hidserv - ok
18:48:15.0894 0x2e80  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:48:15.0933 0x2e80  HidUsb - ok
18:48:15.0949 0x2e80  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:48:15.0992 0x2e80  hkmsvc - ok
18:48:16.0008 0x2e80  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:48:16.0036 0x2e80  HomeGroupListener - ok
18:48:16.0056 0x2e80  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:48:16.0079 0x2e80  HomeGroupProvider - ok
18:48:16.0107 0x2e80  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:48:16.0124 0x2e80  HpSAMD - ok
18:48:16.0154 0x2e80  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:48:16.0217 0x2e80  HTTP - ok
18:48:16.0227 0x2e80  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:48:16.0241 0x2e80  hwpolicy - ok
18:48:16.0295 0x2e80  [ 4B7423FCC37664954460AC3E71752B62, D334D1C72691C1BF24A4D8133F61AD51B058A080F4501F05F12C673DCFE081F9 ] hxctlflt        C:\Windows\system32\DRIVERS\hxctlflt.sys
18:48:16.0321 0x2e80  hxctlflt - detected UnsignedFile.Multi.Generic ( 1 )
18:48:18.0668 0x2e80  Detect skipped due to KSN trusted
18:48:18.0668 0x2e80  hxctlflt - ok
18:48:18.0695 0x2e80  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:48:18.0721 0x2e80  i8042prt - ok
18:48:18.0745 0x2e80  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:48:18.0775 0x2e80  iaStorV - ok
18:48:18.0829 0x2e80  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:48:18.0855 0x2e80  idsvc - ok
18:48:18.0874 0x2e80  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:48:18.0890 0x2e80  iirsp - ok
18:48:18.0943 0x2e80  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:48:18.0989 0x2e80  IKEEXT - ok
18:48:19.0378 0x2e80  [ 059DDDEDBE5701DC3B779D32798108AC, 4735C52D5F7A7AC07985835C17955C96418BB3C3316264CF6A44F6150E10755B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:48:19.0505 0x2e80  IntcAzAudAddService - ok
18:48:19.0545 0x2e80  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:48:19.0563 0x2e80  Intel(R) Capability Licensing Service Interface - ok
18:48:19.0612 0x2e80  [ 16DF912A1C88B7AE46E907661F31AA77, 60E2B8592560E14649F91E96F1CDBFF5870DDD20D8CF595DB9D6D0AB6C316CF0 ] Intel(R) Small Business Advantage C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
18:48:19.0620 0x2e80  Intel(R) Small Business Advantage - ok
18:48:19.0645 0x2e80  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:48:19.0660 0x2e80  intelide - ok
18:48:19.0679 0x2e80  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:48:19.0703 0x2e80  intelppm - ok
18:48:19.0728 0x2e80  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:48:19.0764 0x2e80  IPBusEnum - ok
18:48:19.0778 0x2e80  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:19.0811 0x2e80  IpFilterDriver - ok
18:48:19.0870 0x2e80  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:48:19.0919 0x2e80  iphlpsvc - ok
18:48:19.0943 0x2e80  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:48:19.0970 0x2e80  IPMIDRV - ok
18:48:19.0978 0x2e80  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:48:20.0022 0x2e80  IPNAT - ok
18:48:20.0078 0x2e80  [ F96B9EDC032E61EB87652896E92ED526, F9E3CD2FA2D963C56034A4F606869467FDC6647B916CF457249270E6C337A8A5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:48:20.0101 0x2e80  iPod Service - ok
18:48:20.0121 0x2e80  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:48:20.0151 0x2e80  IRENUM - ok
18:48:20.0155 0x2e80  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:48:20.0171 0x2e80  isapnp - ok
18:48:20.0191 0x2e80  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:48:20.0214 0x2e80  iScsiPrt - ok
18:48:20.0232 0x2e80  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:48:20.0245 0x2e80  iusb3hcs - ok
18:48:20.0260 0x2e80  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
18:48:20.0283 0x2e80  iusb3hub - ok
18:48:20.0312 0x2e80  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:48:20.0347 0x2e80  iusb3xhc - ok
18:48:20.0385 0x2e80  [ 0043D9FB61C35F90886B1E93DD556FAF, B17B993928281252A75997939F2E45E98E7FB9D22941CC76E332AFF8706EDEC9 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:48:20.0395 0x2e80  jhi_service - ok
18:48:20.0425 0x2e80  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:48:20.0440 0x2e80  kbdclass - ok
18:48:20.0463 0x2e80  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:48:20.0487 0x2e80  kbdhid - ok
18:48:20.0499 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
18:48:20.0510 0x2e80  KeyIso - ok
18:48:20.0537 0x2e80  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:48:20.0568 0x2e80  KSecDD - ok
18:48:20.0583 0x2e80  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:48:20.0606 0x2e80  KSecPkg - ok
18:48:20.0619 0x2e80  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:48:20.0663 0x2e80  ksthunk - ok
18:48:20.0692 0x2e80  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:48:20.0735 0x2e80  KtmRm - ok
18:48:20.0764 0x2e80  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:48:20.0802 0x2e80  LanmanServer - ok
18:48:20.0822 0x2e80  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:48:20.0857 0x2e80  LanmanWorkstation - ok
18:48:20.0877 0x2e80  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:48:20.0915 0x2e80  lltdio - ok
18:48:20.0947 0x2e80  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:48:20.0990 0x2e80  lltdsvc - ok
18:48:21.0012 0x2e80  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:48:21.0046 0x2e80  lmhosts - ok
18:48:21.0070 0x2e80  [ 2FB262276D1C689C6886B1C0710342FA, 99129F79FB17B7224CF7C8324A12D464D2611BF6B4467A3697B8E3AFE8A95052 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:48:21.0082 0x2e80  LMS - ok
18:48:21.0111 0x2e80  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:48:21.0128 0x2e80  LSI_FC - ok
18:48:21.0142 0x2e80  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:48:21.0160 0x2e80  LSI_SAS - ok
18:48:21.0172 0x2e80  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:48:21.0189 0x2e80  LSI_SAS2 - ok
18:48:21.0206 0x2e80  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:48:21.0224 0x2e80  LSI_SCSI - ok
18:48:21.0239 0x2e80  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:48:21.0280 0x2e80  luafv - ok
18:48:21.0302 0x2e80  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:48:21.0323 0x2e80  Mcx2Svc - ok
18:48:21.0334 0x2e80  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:48:21.0349 0x2e80  megasas - ok
18:48:21.0367 0x2e80  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:48:21.0389 0x2e80  MegaSR - ok
18:48:21.0414 0x2e80  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:48:21.0429 0x2e80  MEIx64 - ok
18:48:21.0448 0x2e80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:48:21.0487 0x2e80  MMCSS - ok
18:48:21.0498 0x2e80  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:48:21.0535 0x2e80  Modem - ok
18:48:21.0549 0x2e80  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:48:21.0580 0x2e80  monitor - ok
18:48:21.0604 0x2e80  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
18:48:21.0634 0x2e80  MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 )
18:48:23.0963 0x2e80  Detect skipped due to KSN trusted
18:48:23.0963 0x2e80  MotioninJoyXFilter - ok
18:48:23.0986 0x2e80  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:48:24.0001 0x2e80  mouclass - ok
18:48:24.0015 0x2e80  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:48:24.0039 0x2e80  mouhid - ok
18:48:24.0059 0x2e80  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:48:24.0077 0x2e80  mountmgr - ok
18:48:24.0093 0x2e80  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:48:24.0112 0x2e80  mpio - ok
18:48:24.0123 0x2e80  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:48:24.0158 0x2e80  mpsdrv - ok
18:48:24.0193 0x2e80  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:48:24.0237 0x2e80  MpsSvc - ok
18:48:24.0263 0x2e80  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:48:24.0305 0x2e80  MRxDAV - ok
18:48:24.0330 0x2e80  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:48:24.0365 0x2e80  mrxsmb - ok
18:48:24.0381 0x2e80  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:48:24.0407 0x2e80  mrxsmb10 - ok
18:48:24.0453 0x2e80  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:48:24.0473 0x2e80  mrxsmb20 - ok
18:48:24.0508 0x2e80  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:48:24.0524 0x2e80  msahci - ok
18:48:24.0542 0x2e80  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:48:24.0562 0x2e80  msdsm - ok
18:48:24.0572 0x2e80  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:48:24.0596 0x2e80  MSDTC - ok
18:48:24.0609 0x2e80  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:48:24.0650 0x2e80  Msfs - ok
18:48:24.0665 0x2e80  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:48:24.0710 0x2e80  mshidkmdf - ok
18:48:24.0718 0x2e80  MSICDSetup - ok
18:48:24.0727 0x2e80  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:48:24.0742 0x2e80  msisadrv - ok
18:48:24.0765 0x2e80  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:48:24.0801 0x2e80  MSiSCSI - ok
18:48:24.0803 0x2e80  msiserver - ok
18:48:24.0820 0x2e80  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:48:24.0863 0x2e80  MSKSSRV - ok
18:48:24.0865 0x2e80  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:48:24.0908 0x2e80  MSPCLOCK - ok
18:48:24.0919 0x2e80  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:48:24.0955 0x2e80  MSPQM - ok
18:48:24.0970 0x2e80  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:48:24.0994 0x2e80  MsRPC - ok
18:48:25.0006 0x2e80  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:48:25.0022 0x2e80  mssmbios - ok
18:48:25.0035 0x2e80  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:48:25.0078 0x2e80  MSTEE - ok
18:48:25.0087 0x2e80  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:48:25.0105 0x2e80  MTConfig - ok
18:48:25.0121 0x2e80  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:48:25.0137 0x2e80  Mup - ok
18:48:25.0162 0x2e80  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:48:25.0207 0x2e80  napagent - ok
18:48:25.0230 0x2e80  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:48:25.0264 0x2e80  NativeWifiP - ok
18:48:25.0320 0x2e80  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:48:25.0362 0x2e80  NDIS - ok
18:48:25.0372 0x2e80  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:48:25.0405 0x2e80  NdisCap - ok
18:48:25.0421 0x2e80  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:48:25.0454 0x2e80  NdisTapi - ok
18:48:25.0467 0x2e80  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:48:25.0503 0x2e80  Ndisuio - ok
18:48:25.0521 0x2e80  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:48:25.0563 0x2e80  NdisWan - ok
18:48:25.0573 0x2e80  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:48:25.0610 0x2e80  NDProxy - ok
18:48:25.0628 0x2e80  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:48:25.0668 0x2e80  NetBIOS - ok
18:48:25.0699 0x2e80  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:48:25.0739 0x2e80  NetBT - ok
18:48:25.0752 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
18:48:25.0762 0x2e80  Netlogon - ok
18:48:25.0790 0x2e80  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:48:25.0826 0x2e80  Netman - ok
18:48:25.0885 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:25.0898 0x2e80  NetMsmqActivator - ok
18:48:25.0903 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:25.0915 0x2e80  NetPipeActivator - ok
18:48:25.0942 0x2e80  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:48:25.0989 0x2e80  netprofm - ok
18:48:25.0994 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:26.0006 0x2e80  NetTcpActivator - ok
18:48:26.0010 0x2e80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:26.0021 0x2e80  NetTcpPortSharing - ok
18:48:26.0042 0x2e80  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:48:26.0057 0x2e80  nfrd960 - ok
18:48:26.0092 0x2e80  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:48:26.0120 0x2e80  NlaSvc - ok
18:48:26.0131 0x2e80  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:48:26.0164 0x2e80  Npfs - ok
18:48:26.0184 0x2e80  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:48:26.0212 0x2e80  nsi - ok
18:48:26.0224 0x2e80  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:48:26.0267 0x2e80  nsiproxy - ok
18:48:26.0324 0x2e80  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:48:26.0400 0x2e80  Ntfs - ok
18:48:26.0402 0x2e80  NTIOLib_1_0_C - ok
18:48:26.0413 0x2e80  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:48:26.0451 0x2e80  Null - ok
18:48:26.0472 0x2e80  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:48:26.0491 0x2e80  nvraid - ok
18:48:26.0501 0x2e80  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:48:26.0520 0x2e80  nvstor - ok
18:48:26.0539 0x2e80  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:48:26.0557 0x2e80  nv_agp - ok
18:48:26.0569 0x2e80  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:48:26.0600 0x2e80  ohci1394 - ok
18:48:26.0701 0x2e80  [ 7D006FC340B301A1DEAFB5878C078A12, 245A4647DEB2CD5D0C3FF07B45D50D6EE039733000C7F7FEC0A1B58162594B9D ] Origin Client Service D:\Origin\OriginClientService.exe
18:48:26.0766 0x2e80  Origin Client Service - ok
18:48:26.0822 0x2e80  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:48:26.0832 0x2e80  ose - ok
18:48:26.0980 0x2e80  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:48:27.0127 0x2e80  osppsvc - ok
18:48:27.0155 0x2e80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:48:27.0196 0x2e80  p2pimsvc - ok
18:48:27.0213 0x2e80  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:48:27.0234 0x2e80  p2psvc - ok
18:48:27.0284 0x2e80  [ B87EFC9994F53124622FA2A0CAA6D828, A0F761A6BE9B44CE0E87B270DC2745C092226B1431B6C360FCFF9D299E0E6B63 ] PAC7302         C:\Windows\system32\DRIVERS\PAC7302.SYS
18:48:27.0312 0x2e80  PAC7302 - detected UnsignedFile.Multi.Generic ( 1 )
18:48:29.0642 0x2e80  Detect skipped due to KSN trusted
18:48:29.0642 0x2e80  PAC7302 - ok
18:48:29.0670 0x2e80  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:48:29.0697 0x2e80  Parport - ok
18:48:29.0731 0x2e80  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:48:29.0748 0x2e80  partmgr - ok
18:48:29.0771 0x2e80  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:48:29.0803 0x2e80  PcaSvc - ok
18:48:29.0828 0x2e80  pccsmcfd - ok
18:48:29.0845 0x2e80  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:48:29.0867 0x2e80  pci - ok
18:48:29.0895 0x2e80  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:48:29.0911 0x2e80  pciide - ok
18:48:29.0930 0x2e80  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:48:29.0953 0x2e80  pcmcia - ok
18:48:29.0965 0x2e80  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:48:29.0983 0x2e80  pcw - ok
18:48:30.0006 0x2e80  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:48:30.0062 0x2e80  PEAUTH - ok
18:48:30.0110 0x2e80  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:48:30.0185 0x2e80  PeerDistSvc - ok
18:48:30.0236 0x2e80  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:48:30.0260 0x2e80  PerfHost - ok
18:48:30.0311 0x2e80  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:48:30.0394 0x2e80  pla - ok
18:48:30.0428 0x2e80  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:48:30.0467 0x2e80  PlugPlay - ok
18:48:30.0475 0x2e80  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:48:30.0496 0x2e80  PNRPAutoReg - ok
18:48:30.0511 0x2e80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:48:30.0529 0x2e80  PNRPsvc - ok
18:48:30.0559 0x2e80  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:48:30.0604 0x2e80  PolicyAgent - ok
18:48:30.0631 0x2e80  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:48:30.0669 0x2e80  Power - ok
18:48:30.0695 0x2e80  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:48:30.0736 0x2e80  PptpMiniport - ok
18:48:30.0752 0x2e80  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:48:30.0782 0x2e80  Processor - ok
18:48:30.0813 0x2e80  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:48:30.0846 0x2e80  ProfSvc - ok
18:48:30.0855 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:48:30.0868 0x2e80  ProtectedStorage - ok
18:48:30.0879 0x2e80  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:48:30.0927 0x2e80  Psched - ok
18:48:30.0982 0x2e80  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:48:31.0058 0x2e80  ql2300 - ok
18:48:31.0069 0x2e80  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:48:31.0090 0x2e80  ql40xx - ok
18:48:31.0110 0x2e80  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:48:31.0133 0x2e80  QWAVE - ok
18:48:31.0144 0x2e80  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:48:31.0176 0x2e80  QWAVEdrv - ok
18:48:31.0189 0x2e80  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:48:31.0225 0x2e80  RasAcd - ok
18:48:31.0247 0x2e80  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:48:31.0285 0x2e80  RasAgileVpn - ok
18:48:31.0298 0x2e80  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:48:31.0340 0x2e80  RasAuto - ok
18:48:31.0355 0x2e80  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:48:31.0403 0x2e80  Rasl2tp - ok
18:48:31.0418 0x2e80  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:48:31.0455 0x2e80  RasMan - ok
18:48:31.0465 0x2e80  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:48:31.0507 0x2e80  RasPppoe - ok
18:48:31.0521 0x2e80  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:48:31.0568 0x2e80  RasSstp - ok
18:48:31.0585 0x2e80  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:48:31.0629 0x2e80  rdbss - ok
18:48:31.0643 0x2e80  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:48:31.0665 0x2e80  rdpbus - ok
18:48:31.0686 0x2e80  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:48:31.0719 0x2e80  RDPCDD - ok
18:48:31.0734 0x2e80  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:48:31.0769 0x2e80  RDPDR - ok
18:48:31.0775 0x2e80  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:48:31.0814 0x2e80  RDPENCDD - ok
18:48:31.0825 0x2e80  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:48:31.0868 0x2e80  RDPREFMP - ok
18:48:31.0902 0x2e80  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:48:31.0942 0x2e80  RDPWD - ok
18:48:31.0968 0x2e80  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:48:31.0991 0x2e80  rdyboost - ok
18:48:32.0013 0x2e80  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:48:32.0046 0x2e80  RemoteAccess - ok
18:48:32.0057 0x2e80  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:48:32.0095 0x2e80  RemoteRegistry - ok
18:48:32.0110 0x2e80  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:48:32.0141 0x2e80  RpcEptMapper - ok
18:48:32.0156 0x2e80  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:48:32.0168 0x2e80  RpcLocator - ok
18:48:32.0191 0x2e80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:48:32.0231 0x2e80  RpcSs - ok
18:48:32.0251 0x2e80  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:48:32.0295 0x2e80  rspndr - ok
18:48:32.0334 0x2e80  [ 6CF9DB101A75360E98659F823852E540, A7D48DF41A831EEF9978B51786EF80DB9CC40602BE66D46CA11BE1548BC2D10C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:48:32.0366 0x2e80  RTL8167 - ok
18:48:32.0384 0x2e80  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:48:32.0406 0x2e80  s3cap - ok
18:48:32.0420 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
18:48:32.0432 0x2e80  SamSs - ok
18:48:32.0446 0x2e80  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:48:32.0464 0x2e80  sbp2port - ok
18:48:32.0486 0x2e80  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:48:32.0518 0x2e80  SCardSvr - ok
18:48:32.0538 0x2e80  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:48:32.0578 0x2e80  scfilter - ok
18:48:32.0615 0x2e80  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:48:32.0688 0x2e80  Schedule - ok
18:48:32.0711 0x2e80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:48:32.0738 0x2e80  SCPolicySvc - ok
18:48:32.0752 0x2e80  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:48:32.0779 0x2e80  SDRSVC - ok
18:48:32.0803 0x2e80  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:48:32.0847 0x2e80  secdrv - ok
18:48:32.0855 0x2e80  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:48:32.0883 0x2e80  seclogon - ok
18:48:32.0891 0x2e80  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:48:32.0930 0x2e80  SENS - ok
18:48:32.0944 0x2e80  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:48:32.0978 0x2e80  SensrSvc - ok
18:48:33.0001 0x2e80  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:48:33.0024 0x2e80  Serenum - ok
18:48:33.0042 0x2e80  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:48:33.0074 0x2e80  Serial - ok
18:48:33.0094 0x2e80  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:48:33.0121 0x2e80  sermouse - ok
18:48:33.0145 0x2e80  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:48:33.0188 0x2e80  SessionEnv - ok
18:48:33.0193 0x2e80  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:48:33.0214 0x2e80  sffdisk - ok
18:48:33.0226 0x2e80  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:48:33.0247 0x2e80  sffp_mmc - ok
18:48:33.0261 0x2e80  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:48:33.0292 0x2e80  sffp_sd - ok
18:48:33.0299 0x2e80  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:48:33.0318 0x2e80  sfloppy - ok
18:48:33.0372 0x2e80  [ C223B55F2F8519FAC4F5739371903368, EA9EAF4FF9AD73810919679F9C69F0349F3A51454CD730D44253789937612C2B ] Sftfs           C:\Windows\system32\DRIVERS\Sftfswin7.sys
18:48:33.0409 0x2e80  Sftfs - ok
18:48:33.0485 0x2e80  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:48:33.0505 0x2e80  sftlist - ok
18:48:33.0521 0x2e80  [ 1E8506E53926342D579843AB32DB0432, 38F66AC035CCB5495C5329BC99D3CED57FCDC83607C3340CDB7F2DE17FCF3931 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaywin7.sys
18:48:33.0544 0x2e80  Sftplay - ok
18:48:33.0552 0x2e80  [ 1CCD26CB834F7FF81C135CE6D9C10867, ACCB8E7DE2A0CFEA88B88B7E232CAB9C5A90DDBBC476DE939E98162CE81C5F62 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirwin7.sys
18:48:33.0568 0x2e80  Sftredir - ok
18:48:33.0573 0x2e80  [ 58CE0B3F38F8B95CCDEC056ABE1A8F66, 4D922BF417AFBDBF676A8863AC00DCEED780FAE52716B073E45526C6E90D23F8 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvolwin7.sys
18:48:33.0588 0x2e80  Sftvol - ok
18:48:33.0623 0x2e80  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:48:33.0636 0x2e80  sftvsa - ok
18:48:33.0662 0x2e80  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:48:33.0702 0x2e80  SharedAccess - ok
18:48:33.0728 0x2e80  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:48:33.0765 0x2e80  ShellHWDetection - ok
18:48:33.0793 0x2e80  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:48:33.0809 0x2e80  SiSRaid2 - ok
18:48:33.0818 0x2e80  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:48:33.0835 0x2e80  SiSRaid4 - ok
18:48:33.0885 0x2e80  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     D:\Skype\Updater\Updater.exe
18:48:33.0901 0x2e80  SkypeUpdate - ok
18:48:33.0925 0x2e80  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:48:33.0966 0x2e80  Smb - ok
18:48:33.0986 0x2e80  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:48:34.0000 0x2e80  SNMPTRAP - ok
18:48:34.0008 0x2e80  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:48:34.0024 0x2e80  spldr - ok
18:48:34.0064 0x2e80  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:48:34.0099 0x2e80  Spooler - ok
18:48:34.0189 0x2e80  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:48:34.0337 0x2e80  sppsvc - ok
18:48:34.0356 0x2e80  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:48:34.0385 0x2e80  sppuinotify - ok
18:48:34.0457 0x2e80  [ A15860E920B02C9A7CE8F3A6C2FF1E3A, EC88ACD75D1423553C66E6706AD640A4BECD09E436172058FE137B0D7D339FB7 ] sptd            C:\Windows\System32\Drivers\sptd.sys
18:48:34.0486 0x2e80  sptd - ok
18:48:34.0525 0x2e80  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:48:34.0573 0x2e80  srv - ok
18:48:34.0595 0x2e80  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:48:34.0637 0x2e80  srv2 - ok
18:48:34.0655 0x2e80  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:48:34.0677 0x2e80  srvnet - ok
18:48:34.0702 0x2e80  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:48:34.0734 0x2e80  SSDPSRV - ok
18:48:34.0740 0x2e80  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:48:34.0770 0x2e80  SstpSvc - ok
18:48:34.0821 0x2e80  [ EF806D212D34B0E173BAEB3564D53E37, 6EF229A7B7AFF0268CDF47B77F961BD44335C3B35499BB00CBA494A22B2BA39E ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
18:48:34.0839 0x2e80  ss_bbus - ok
18:48:34.0861 0x2e80  [ 08B1B34ABEBEB6AC2DEA06900C56411E, 928EF9B9F194DB07049BA2D7127756B021C2729F562E54F7FECD0F2B2FF5A209 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:48:34.0875 0x2e80  ss_bmdfl - ok
18:48:34.0889 0x2e80  [ 71A9DA6BEAA4CB54DFB827FB78600A5D, 6393CA17CF6A6F30447FF599B2D27CAB44BA1A709D986AC5E14463303094BE5F ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:48:34.0907 0x2e80  ss_bmdm - ok
18:48:34.0911 0x2e80  StarOpen - ok
18:48:34.0953 0x2e80  [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:48:34.0978 0x2e80  Steam Client Service - ok
18:48:34.0998 0x2e80  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:48:35.0014 0x2e80  stexstor - ok
18:48:35.0047 0x2e80  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:48:35.0088 0x2e80  stisvc - ok
18:48:35.0105 0x2e80  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:48:35.0121 0x2e80  storflt - ok
18:48:35.0132 0x2e80  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
18:48:35.0165 0x2e80  StorSvc - ok
18:48:35.0171 0x2e80  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:48:35.0188 0x2e80  storvsc - ok
18:48:35.0196 0x2e80  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:48:35.0210 0x2e80  swenum - ok
18:48:35.0236 0x2e80  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:48:35.0276 0x2e80  swprv - ok
18:48:35.0323 0x2e80  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:48:35.0411 0x2e80  SysMain - ok
18:48:35.0512 0x2e80  [ D7E795032847A6E6E9FBC5E296AE0838, E8554342A41CFDCC08730A95569F289649432EDD7A2A888DBDD0DABEE49C9165 ] SystemStore     C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
18:48:35.0521 0x2e80  SystemStore - detected UnsignedFile.Multi.Generic ( 1 )
18:48:37.0849 0x2e80  Detect skipped due to KSN trusted
18:48:37.0849 0x2e80  SystemStore - ok
18:48:37.0876 0x2e80  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:48:37.0895 0x2e80  TabletInputService - ok
18:48:37.0921 0x2e80  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
18:48:37.0936 0x2e80  tap0901 - ok
18:48:37.0959 0x2e80  [ F33FDC72298DF4BF9813A55D21F4EB31, 34AADF5115CA1B275FEF4238B420FE424F0E1D0FFD1606B24A0D594D7305CF1F ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
18:48:37.0977 0x2e80  taphss - ok
18:48:38.0018 0x2e80  [ B7D10C680D4C9D2224525B10E64DE6F1, 036263FEA76478B35099C2EF854B4AB8785EA40C3053FC7B2533ADC907E5A324 ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
18:48:38.0032 0x2e80  taphss6 - ok
18:48:38.0049 0x2e80  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:48:38.0095 0x2e80  TapiSrv - ok
18:48:38.0135 0x2e80  [ E91BCBD521606E60C2807813D8EAC579, 9B9329535AF753E5922BD53DEF08E5E99C51927923C7DF87112A0E293DE47FAC ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
18:48:38.0150 0x2e80  tbhsd - ok
18:48:38.0161 0x2e80  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:48:38.0190 0x2e80  TBS - ok
18:48:38.0252 0x2e80  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:48:38.0340 0x2e80  Tcpip - ok
18:48:38.0402 0x2e80  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:48:38.0475 0x2e80  TCPIP6 - ok
18:48:38.0491 0x2e80  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:48:38.0508 0x2e80  tcpipreg - ok
18:48:38.0525 0x2e80  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:48:38.0552 0x2e80  TDPIPE - ok
18:48:38.0566 0x2e80  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:48:38.0594 0x2e80  TDTCP - ok
18:48:38.0608 0x2e80  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:48:38.0643 0x2e80  tdx - ok
18:48:38.0663 0x2e80  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:48:38.0679 0x2e80  TermDD - ok
18:48:38.0710 0x2e80  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
18:48:38.0763 0x2e80  TermService - ok
18:48:38.0798 0x2e80  [ 48D9D00C2E0E72C3D4F52772C80355F6, 86F281C7F5FA2FCF1A36C69DD6561531E48483CACB8A873B955F7E93D9A1D259 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
18:48:38.0812 0x2e80  TFsExDisk - ok
18:48:38.0825 0x2e80  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:48:38.0842 0x2e80  Themes - ok
18:48:38.0862 0x2e80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:48:38.0891 0x2e80  THREADORDER - ok
18:48:38.0896 0x2e80  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:48:38.0931 0x2e80  TrkWks - ok
18:48:38.0972 0x2e80  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:48:39.0001 0x2e80  TrustedInstaller - ok
18:48:39.0027 0x2e80  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:48:39.0053 0x2e80  tssecsrv - ok
18:48:39.0080 0x2e80  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:48:39.0109 0x2e80  TsUsbFlt - ok
18:48:39.0118 0x2e80  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:48:39.0144 0x2e80  TsUsbGD - ok
18:48:39.0160 0x2e80  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:48:39.0210 0x2e80  tunnel - ok
18:48:39.0213 0x2e80  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:48:39.0229 0x2e80  uagp35 - ok
18:48:39.0244 0x2e80  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:48:39.0294 0x2e80  udfs - ok
18:48:39.0317 0x2e80  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:48:39.0332 0x2e80  UI0Detect - ok
18:48:39.0347 0x2e80  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:48:39.0363 0x2e80  uliagpkx - ok
18:48:39.0379 0x2e80  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:48:39.0403 0x2e80  umbus - ok
18:48:39.0424 0x2e80  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:48:39.0444 0x2e80  UmPass - ok
18:48:39.0460 0x2e80  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:48:39.0487 0x2e80  UmRdpService - ok
18:48:39.0522 0x2e80  [ CABEC311CEA77EAEA3DC04A1ADFC0459, EC857EB3E22941E8915709B2E2CFB7BB662004121EC7DBE495FC40597BF194CB ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:48:39.0536 0x2e80  UNS - ok
18:48:39.0564 0x2e80  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:48:39.0611 0x2e80  upnphost - ok
18:48:39.0647 0x2e80  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:48:39.0677 0x2e80  USBAAPL64 - ok
18:48:39.0716 0x2e80  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:48:39.0759 0x2e80  usbaudio - ok
18:48:39.0806 0x2e80  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:48:39.0836 0x2e80  usbccgp - ok
18:48:39.0861 0x2e80  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:48:39.0899 0x2e80  usbcir - ok
18:48:39.0911 0x2e80  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:48:39.0942 0x2e80  usbehci - ok
18:48:39.0970 0x2e80  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:48:40.0002 0x2e80  usbhub - ok
18:48:40.0016 0x2e80  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:48:40.0033 0x2e80  usbohci - ok
18:48:40.0064 0x2e80  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:48:40.0092 0x2e80  usbprint - ok
18:48:40.0129 0x2e80  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:48:40.0156 0x2e80  usbscan - ok
18:48:40.0191 0x2e80  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:48:40.0234 0x2e80  USBSTOR - ok
18:48:40.0276 0x2e80  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:48:40.0305 0x2e80  usbuhci - ok
18:48:40.0324 0x2e80  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:48:40.0362 0x2e80  UxSms - ok
18:48:40.0369 0x2e80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
18:48:40.0381 0x2e80  VaultSvc - ok
18:48:40.0413 0x2e80  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:48:40.0429 0x2e80  vdrvroot - ok
18:48:40.0446 0x2e80  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:48:40.0496 0x2e80  vds - ok
18:48:40.0502 0x2e80  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:48:40.0521 0x2e80  vga - ok
18:48:40.0534 0x2e80  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:48:40.0576 0x2e80  VgaSave - ok
18:48:40.0592 0x2e80  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:48:40.0614 0x2e80  vhdmp - ok
18:48:40.0635 0x2e80  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:48:40.0651 0x2e80  viaide - ok
18:48:40.0675 0x2e80  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:48:40.0713 0x2e80  vmbus - ok
18:48:40.0723 0x2e80  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:48:40.0749 0x2e80  VMBusHID - ok
18:48:40.0771 0x2e80  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:48:40.0788 0x2e80  volmgr - ok
18:48:40.0801 0x2e80  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:48:40.0827 0x2e80  volmgrx - ok
18:48:40.0839 0x2e80  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:48:40.0864 0x2e80  volsnap - ok
18:48:40.0894 0x2e80  [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61, 1EAA4D8D35008E4D5C4AEA91C3ABD3D5BB5F8DF2D95D35792B3F3BB31EABB7CF ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
18:48:40.0917 0x2e80  vpcbus - ok
18:48:40.0955 0x2e80  [ 8ACDA395841538CE9713A67FE8B2A3EB, D74D6AF8059C1CD59A5DDB03095BC46FF7808DA358FB64D71B53940DEE6356D9 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:48:40.0971 0x2e80  vpcnfltr - ok
18:48:40.0986 0x2e80  [ 31924E31BC315773E6D149B157DB46D5, 8E2A8785D2D7327F9DE046E6245F233280395AA42D5BAD1048021109628840C2 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
18:48:41.0012 0x2e80  vpcusb - ok
18:48:41.0050 0x2e80  [ C5B651E52540E6F46DA66574C74B4898, 4292E1D574FB0AF1D61F17F88D82A1A77738A3F7ECECB49FF20997FEC99078B2 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
18:48:41.0075 0x2e80  vpcvmm - ok
18:48:41.0148 0x2e80  [ F3EC4EC08EC0C3F7023F0C662107CA7B, FC043142B4634E2AEA258690317B9892E8E1FDDF443846D6A2E4F4BDF2AD0056 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
18:48:41.0168 0x2e80  vpnagent - ok
18:48:41.0211 0x2e80  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
18:48:41.0227 0x2e80  vpnva - ok
18:48:41.0250 0x2e80  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:48:41.0270 0x2e80  vsmraid - ok
18:48:41.0323 0x2e80  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:48:41.0406 0x2e80  VSS - ok
18:48:41.0435 0x2e80  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:48:41.0461 0x2e80  vwifibus - ok
18:48:41.0488 0x2e80  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:48:41.0526 0x2e80  W32Time - ok
18:48:41.0554 0x2e80  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:48:41.0585 0x2e80  WacomPen - ok
18:48:41.0625 0x2e80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:48:41.0662 0x2e80  WANARP - ok
18:48:41.0665 0x2e80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:48:41.0698 0x2e80  Wanarpv6 - ok
18:48:41.0786 0x2e80  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:48:41.0832 0x2e80  WatAdminSvc - ok
18:48:41.0891 0x2e80  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:48:41.0970 0x2e80  wbengine - ok
18:48:41.0990 0x2e80  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:48:42.0010 0x2e80  WbioSrvc - ok
18:48:42.0028 0x2e80  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:48:42.0059 0x2e80  wcncsvc - ok
18:48:42.0071 0x2e80  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:48:42.0104 0x2e80  WcsPlugInService - ok
18:48:42.0124 0x2e80  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:48:42.0141 0x2e80  Wd - ok
18:48:42.0191 0x2e80  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:48:42.0231 0x2e80  Wdf01000 - ok
18:48:42.0244 0x2e80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:48:42.0307 0x2e80  WdiServiceHost - ok
18:48:42.0311 0x2e80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:48:42.0328 0x2e80  WdiSystemHost - ok
18:48:42.0350 0x2e80  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:48:42.0377 0x2e80  WebClient - ok
18:48:42.0396 0x2e80  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:48:42.0437 0x2e80  Wecsvc - ok
18:48:42.0453 0x2e80  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:48:42.0483 0x2e80  wercplsupport - ok
18:48:42.0497 0x2e80  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:48:42.0529 0x2e80  WerSvc - ok
18:48:42.0562 0x2e80  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:48:42.0598 0x2e80  WfpLwf - ok
18:48:42.0614 0x2e80  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:48:42.0629 0x2e80  WIMMount - ok
18:48:42.0654 0x2e80  WinDefend - ok
18:48:42.0665 0x2e80  WinHttpAutoProxySvc - ok
18:48:42.0711 0x2e80  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:48:42.0744 0x2e80  Winmgmt - ok
18:48:42.0810 0x2e80  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:48:42.0912 0x2e80  WinRM - ok
18:48:42.0940 0x2e80  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:48:42.0975 0x2e80  WinUsb - ok
18:48:43.0012 0x2e80  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:48:43.0059 0x2e80  Wlansvc - ok
18:48:43.0076 0x2e80  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:48:43.0094 0x2e80  WmiAcpi - ok
18:48:43.0121 0x2e80  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:48:43.0145 0x2e80  wmiApSrv - ok
18:48:43.0166 0x2e80  WMPNetworkSvc - ok
18:48:43.0178 0x2e80  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:48:43.0203 0x2e80  WPCSvc - ok
18:48:43.0215 0x2e80  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:48:43.0232 0x2e80  WPDBusEnum - ok
18:48:43.0242 0x2e80  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:48:43.0287 0x2e80  ws2ifsl - ok
18:48:43.0300 0x2e80  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:48:43.0326 0x2e80  wscsvc - ok
18:48:43.0329 0x2e80  WSearch - ok
18:48:43.0408 0x2e80  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:48:43.0497 0x2e80  wuauserv - ok
18:48:43.0528 0x2e80  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:48:43.0557 0x2e80  WudfPf - ok
18:48:43.0582 0x2e80  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:48:43.0614 0x2e80  WUDFRd - ok
18:48:43.0647 0x2e80  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:48:43.0661 0x2e80  wudfsvc - ok
18:48:43.0695 0x2e80  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:48:43.0721 0x2e80  WwanSvc - ok
18:48:43.0752 0x2e80  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:48:43.0769 0x2e80  xusb21 - ok
18:48:43.0784 0x2e80  ================ Scan global ===============================
18:48:43.0801 0x2e80  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:48:43.0833 0x2e80  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:48:43.0844 0x2e80  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:48:43.0866 0x2e80  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:48:43.0885 0x2e80  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:48:43.0893 0x2e80  [ Global ] - ok
18:48:43.0893 0x2e80  ================ Scan MBR ==================================
18:48:43.0904 0x2e80  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:44.0124 0x2e80  \Device\Harddisk0\DR0 - ok
18:48:44.0124 0x2e80  ================ Scan VBR ==================================
18:48:44.0126 0x2e80  [ FDF1AE1543E23C6938B146999C30F6CB ] \Device\Harddisk0\DR0\Partition1
18:48:44.0127 0x2e80  \Device\Harddisk0\DR0\Partition1 - ok
18:48:44.0129 0x2e80  [ 621E9EF8F3DDE51F18A61C5410BDBCAA ] \Device\Harddisk0\DR0\Partition2
18:48:44.0131 0x2e80  \Device\Harddisk0\DR0\Partition2 - ok
18:48:44.0132 0x2e80  [ D01CED3B954531A26D420DBAC1DE08CB ] \Device\Harddisk0\DR0\Partition3
18:48:44.0134 0x2e80  \Device\Harddisk0\DR0\Partition3 - ok
18:48:44.0134 0x2e80  ================ Scan generic autorun ======================
18:48:44.0338 0x2e80  [ F9E8F9104C629608470B2E6D6A3AC59A, BA848885F031A505A69BDA59888CE858FBBF856F1DF9C47068D0A6142602E74C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
18:48:44.0534 0x2e80  RTHDVCPL - ok
18:48:44.0583 0x2e80  [ CC9823AA6E3F6229CD6DA193551314A5, 76BCD2BCA391C2114BF9D28FA290D9B39D16379C410070E0E3A6376FDEE51CE1 ] D:\itunes (1)\iTunesHelper.exe
18:48:44.0595 0x2e80  iTunesHelper - ok
18:48:44.0632 0x2e80  [ F442241ED1840450DE1572BAAACC0EE0, 8878637DF4475BA967120470037CFDB147C46D8B4ED1661D4379D30EB3341135 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
18:48:44.0641 0x2e80  IMSS - ok
18:48:44.0678 0x2e80  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
18:48:44.0690 0x2e80  USB3MON - ok
18:48:44.0731 0x2e80  [ A8D90CF5DC9878D7CA6FEDB0EC730F59, 08FFA3882C76D9C73480B5741F41C62589A1E5B5F11F4C5EC55D13BB284F922F ] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe
18:48:44.0739 0x2e80  IntelSBA - ok
18:48:44.0802 0x2e80  [ E971C2901BC0E9934D01D84AD127FAAF, 2DC4B1D898430CD152B16D0909C9DEF252579F91E093632E78D47F77CBFDC843 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:48:44.0811 0x2e80  APSDaemon - ok
18:48:44.0812 0x2e80  QuickTime Plugin Install - ok
18:48:44.0885 0x2e80  [ 4CB7CEE3F7540B0BEDBD158D75F06509, 73348467A976AF06928B402E12A622BB1B5BD8BB2AC6446117E1FD1EEAFED217 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:48:44.0911 0x2e80  StartCCC - ok
18:48:45.0112 0x2e80  [ 82B7AE85A3C197514055DA16D658D8C1, 6FB05B89FBD5FA39F86B7A260CF2C6A692F01FAF79828B18B00735D5A59BC81B ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:48:45.0272 0x2e80  AvastUI.exe - ok
18:48:45.0326 0x2e80  [ F62FC64D77CDC71BDA5ED9E34A7D73A8, FA840AA440519C3D9ED4406EF169E8B72B1913E525A49B4DAFBB1F8831C50C45 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
18:48:45.0353 0x2e80  Cisco AnyConnect Secure Mobility Agent for Windows - ok
18:48:45.0396 0x2e80  [ 6513807FEE68E6C32E67437EE3FFB6C8, 2AB388BD68E984C38EAAF2D42DE918A64B42DA229627FC0B1A896A8AD60B5F91 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:48:45.0415 0x2e80  SunJavaUpdateSched - ok
18:48:45.0469 0x2e80  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:48:45.0534 0x2e80  Sidebar - ok
18:48:45.0552 0x2e80  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:48:45.0576 0x2e80  mctadmin - ok
18:48:45.0611 0x2e80  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:48:45.0647 0x2e80  Sidebar - ok
18:48:45.0651 0x2e80  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:48:45.0667 0x2e80  mctadmin - ok
18:48:45.0669 0x2e80  CyberGhost - ok
18:48:45.0669 0x2e80  HydraVisionDesktopManager - ok
18:48:45.0684 0x2e80  AutoStartNPSAgent - ok
18:48:45.0685 0x2e80  Waiting for KSN requests completion. In queue: 210
18:48:46.0685 0x2e80  Waiting for KSN requests completion. In queue: 210
18:48:47.0686 0x2e80  Waiting for KSN requests completion. In queue: 210
18:48:48.0725 0x2e80  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
18:48:48.0728 0x2e80  Win FW state via NFP2: enabled ( trusted )
18:48:51.0201 0x2e80  ============================================================
18:48:51.0201 0x2e80  Scan finished
18:48:51.0201 0x2e80  ============================================================
18:48:51.0206 0x2d80  Detected object count: 0
18:48:51.0206 0x2d80  Actual detected object count: 0

deeprybka · 04.06.2016, 18:04

Scans nach Anleitung wiederholen:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Download und Anleitung
Starte Malwarebytes' Anti-Malware (MBAM).
Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass Deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Deuterium · 05.06.2016, 01:51

AdwCleaner

Code:

ATTFilter

# AdwCleaner v5.119 - Bericht erstellt am 05/06/2016 um 01:16:04
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-06-03.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : Kiwi - KIWIPC
# Gestartet von : C:\Users\Kiwi\Desktop\AdwCleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner gelöscht : C:\ProgramData\9768c88e73e60ecb
[#] Ordner gelöscht : C:\ProgramData\Application Data\9768c88e73e60ecb
[-] Ordner gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
[-] Ordner gelöscht : C:\Program Files (x86)\Common Files\Tobit
[-] Ordner gelöscht : C:\Users\Kiwi\AppData\Roaming\GrabPro
[-] Ordner gelöscht : C:\Users\Kiwi\AppData\Roaming\ProgSense
[-] Ordner gelöscht : C:\Users\Kiwi\AppData\Local\CrashRpt

***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\invalidprefs.js

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\f
[-] Schlüssel gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Schlüssel gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[-] Schlüssel gelöscht : HKCU\Software\APN PIP
[-] Schlüssel gelöscht : HKCU\Software\Conduit
[-] Schlüssel gelöscht : HKCU\Software\InstallCore
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\ProgSense
[-] Schlüssel gelöscht : HKCU\Software\UpToDown
[-] Schlüssel gelöscht : HKCU\Software\Yahoo\Companion
[-] Schlüssel gelöscht : HKCU\Software\Yahoo\YFriendsBar
[-] Schlüssel gelöscht : HKCU\Software\delta
[-] Schlüssel gelöscht : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Yahoo\Companion
[-] Schlüssel gelöscht : HKLM\SOFTWARE\systweak
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Daten wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [10230 Bytes] - [05/06/2016 01:16:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [10784 Bytes] - [03/06/2016 14:00:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [10858 Bytes] - [03/06/2016 14:02:03]
C:\AdwCleaner\AdwCleaner[S3].txt - [10951 Bytes] - [05/06/2016 01:11:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10526 Bytes] ##########

MBAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 05.06.2016
Suchlaufzeit: 01:38
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.04.06
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kiwi

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339283
Abgelaufene Zeit: 15 Min., 54 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 21
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, In Quarantäne, [ed09e1174851fa3c92fd05788082946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, In Quarantäne, [ed09e1174851fa3c92fd05788082946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, In Quarantäne, [f8fe35c306932e08504182fbc63cd927], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, In Quarantäne, [f8fe35c306932e08504182fbc63cd927], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, In Quarantäne, [c333d028c3d674c24c42add018ea8b75], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, In Quarantäne, [48ae2ecab2e7d75f8905f98455adb848], 
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}, In Quarantäne, [8c6a7a7e524744f26e804163f310c739], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [eb0bae4a69303105f774a9e6986b6d93], 

Registrierungswerte: 8
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}|OSDFileURL, file:///C:/Users/Kiwi/AppData/Local/TNT2/Profiles/10557/yah10557.xml, In Quarantäne, [8c6a7a7e524744f26e804163f310c739]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, In Quarantäne, [eb0bae4a69303105f774a9e6986b6d93]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, In Quarantäne, [d224fefa1089bc7ab7b4206f0102619f]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, In Quarantäne, [51a514e44c4d86b09fccf19ea063d729]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, In Quarantäne, [6690a75195049e982b406b24fb08847c]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, In Quarantäne, [a155c4343861191d0d5e9ef1ab58619f]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, In Quarantäne, [b1455b9d1a7fa59171fa3b54bd464cb4]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, In Quarantäne, [688e2bcd4b4eca6c5d0ed3bc2fd4827e]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

HitmanPro

Code:

ATTFilter

HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : KIWIPC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : KIWIPC\Kiwi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-05 02:02:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 22s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7

   Objects scanned . . . : 1.545.619
   Files scanned . . . . : 67.876
   Remnants scanned  . . : 328.809 files / 1.148.934 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA800718ED30
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA800667F2C0 +0
   Solution
      DriverObject . . . : FFFFFA800718ED30
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF880012A34D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\Kiwi\Desktop\Virus\FRST64.exe
      Size . . . . . . . : 2.383.872 bytes
      Age  . . . . . . . : 1.2 days (2016-06-03 20:58:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 68D3444DC8EED7750F78DB574D0714A4811794E9A57AE09D259711ED79A431EA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Kiwi\Desktop\Virus\mbam-setup-2.2.1.1043.exe
          0.0s C:\Users\Kiwi\Desktop\Virus\FRST64.exe
         11.6s C:\Users\Kiwi\Desktop\Virus\AdwCleaner_5.119.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}\ (YahooToolbar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\ (AdBlocker)
   HKU\S-1-5-21-1078192431-239819200-2145751044-1001\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1078192431-239819200-2145751044-1001\Software\Delta\ (SpeedUpMyPC)

deeprybka · 05.06.2016, 11:02

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Untersuchen.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Deuterium · 05.06.2016, 14:03

Also Probleme kann ich nicht feststellen, aber mir ist auch vorher nichts beim alltäglichen Gebrauch aufgefallen, bis auf einmal mein E-Mail-Konto gehackt wurde. Deshalb poste ich die Logs noch mal

FRST

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 01
durchgeführt von Kiwi (Administrator) auf KIWIPC (05-06-2016 14:58:25)
Gestartet von C:\Users\Kiwi\Desktop
Geladene Profile: Kiwi (Verfügbare Profile: Kiwi & Mcx1-KIWI-PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) D:\itunes (1)\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() Q:\140066.enu\Office14\WINWORDC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.ENU\OFFICE14\OffSpon.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes (1)\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => D:\Quicktime\Plugins\DeleteMe1.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-04] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
ShortcutTarget: Audible Download Manager.lnk -> D:\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8CE8708-5C3F-48FF-996E-AFF92665AD4C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {07D56749-CE28-4EAD-98CF-98486A8E78D3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\Kiwi\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-04] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-04] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "212.29.229.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "212.29.229.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "212.29.229.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "198.50.129.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "119.4.115.51"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "198.50.129.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.50.129.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "198.50.129.9"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Modify Headers - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: Video DownloadHelper - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DownThemAll! - C:\Users\Kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-04]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-06-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-04] (AVAST Software)
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts)
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation) [Datei ist nicht signiert]
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.) [Datei ist nicht signiert]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-23] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-05 14:58 - 2016-06-05 14:58 - 00018429 _____ C:\Users\Kiwi\Desktop\FRST.txt
2016-06-05 14:58 - 2016-06-05 14:58 - 00000000 ____D C:\Users\Kiwi\Desktop\FRST-OlderVersion
2016-06-05 11:57 - 2016-06-04 18:52 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF5F2.tmp
2016-06-05 02:00 - 2016-06-05 02:46 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-05 01:59 - 2016-06-05 01:59 - 00007040 _____ C:\Users\Kiwi\Desktop\mbam.txt
2016-06-05 01:16 - 2016-06-05 01:16 - 00010622 _____ C:\Users\Kiwi\Desktop\AdwCleaner[C1].txt
2016-06-05 01:07 - 2016-06-05 01:07 - 03677248 _____ C:\Users\Kiwi\Desktop\AdwCleaner_5.119.exe
2016-06-04 21:00 - 2016-06-04 21:00 - 11438608 _____ (SurfRight B.V.) C:\Users\Kiwi\Desktop\HitmanPro_x64.exe
2016-06-04 20:59 - 2016-06-04 21:00 - 22851472 _____ (Malwarebytes ) C:\Users\Kiwi\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-04 18:52 - 2016-06-04 18:52 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-04 18:52 - 2016-06-04 18:52 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-04 18:46 - 2016-06-04 19:01 - 00214646 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_18.46.19_log.txt
2016-06-04 18:46 - 2016-06-04 18:46 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Kiwi\Desktop\tdsskiller.exe
2016-06-04 11:26 - 2016-06-04 11:26 - 00076769 _____ C:\Users\Kiwi\Desktop\Zunehmen-Ernährungsplan-mit-Fleisch.pdf
2016-06-03 21:19 - 2016-06-05 14:57 - 00000000 ____D C:\Users\Kiwi\Desktop\L
2016-06-03 20:58 - 2016-06-05 14:58 - 02384896 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64.exe
2016-06-03 18:06 - 2016-06-03 18:06 - 00131792 _____ C:\Users\Kiwi\AppData\Local\recently-used.xbel
2016-06-03 13:59 - 2016-06-05 01:42 - 00000000 ____D C:\AdwCleaner
2016-06-03 11:46 - 2016-06-05 14:58 - 00000000 ____D C:\FRST
2016-06-03 11:18 - 2016-06-05 01:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 11:18 - 2016-06-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-03 11:17 - 2016-06-03 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-03 11:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-02 21:21 - 2016-06-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16
2016-06-01 21:34 - 2016-06-04 00:26 - 00000000 ____D C:\Users\Kiwi\Documents\Citavi 5
2016-06-01 21:34 - 2016-06-01 21:47 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-06-01 21:32 - 2016-06-01 21:32 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Downloaded Installations
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Public\CyberLink
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Kiwi\Documents\CyberLink
2016-05-30 23:40 - 2016-05-30 23:40 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Cyberlink
2016-05-30 23:33 - 2016-06-03 01:50 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-05-30 23:33 - 2016-05-30 23:33 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-05-30 23:30 - 2016-06-03 01:50 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-05-30 23:30 - 2016-05-30 23:41 - 00000000 ____D C:\ProgramData\CyberLink
2016-05-30 23:30 - 2016-05-30 23:30 - 00000000 ____D C:\ProgramData\install_clap
2016-05-26 00:28 - 2016-06-02 20:11 - 00149015 _____ C:\Users\Kiwi\Desktop\2016_06rechnung_5616687642.pdf
2016-05-11 11:35 - 2016-05-11 11:35 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\com.bby.cinemanowca
2016-05-11 01:18 - 2016-05-15 12:14 - 00000000 ____D C:\Users\Kiwi\Desktop\Rupp 2013

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-05 12:56 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-05 12:56 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-05 11:57 - 2012-04-20 18:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-05 11:41 - 2012-09-17 12:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-05 11:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-05 02:55 - 2013-03-25 22:46 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\SoftGrid Client
2016-06-05 02:03 - 2013-12-18 02:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\vlc
2016-06-05 01:55 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-06-05 01:16 - 2012-06-03 14:00 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-04 18:52 - 2014-08-01 00:03 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-04 18:52 - 2014-08-01 00:03 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-04 18:52 - 2013-08-03 22:49 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-04 18:52 - 2013-08-03 22:49 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-04 18:52 - 2012-09-17 12:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-04 11:21 - 2015-08-05 14:55 - 00000000 ____D C:\Users\Kiwi\Desktop\Neuer Ordner (6)
2016-06-04 01:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-04 00:29 - 2015-11-06 00:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 18:48 - 2016-01-28 12:27 - 00000000 ____D C:\Users\Kiwi\.gimp-2.8
2016-06-03 18:06 - 2014-01-07 20:51 - 00000000 ____D C:\Users\Kiwi\AppData\Local\gtk-2.0
2016-06-03 01:50 - 2012-04-20 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-03 00:08 - 2014-07-30 23:58 - 00000000 ____D C:\ProgramData\Origin
2016-06-02 21:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 15:35 - 2014-09-10 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-02 00:05 - 2016-05-03 14:14 - 00000000 ____D C:\Users\Kiwi\Desktop\BA-Arbeit Kapitel
2016-06-01 17:04 - 2011-04-12 09:43 - 00701778 _____ C:\Windows\system32\perfh007.dat
2016-06-01 17:04 - 2011-04-12 09:43 - 00150420 _____ C:\Windows\system32\perfc007.dat
2016-06-01 17:04 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-30 16:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-18 00:02 - 2016-04-26 13:39 - 00000000 ____D C:\Users\Kiwi\Desktop\Transkripte für BA-Arbeit
2016-05-16 11:14 - 2013-03-11 20:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 11:14 - 2013-03-11 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 14:31 - 2015-11-13 18:50 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Clan_prefs
2016-05-13 01:11 - 2014-12-27 13:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 22:58 - 2014-05-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-09 22:56 - 2015-04-29 12:02 - 00000000 ____D C:\Users\Kiwi\dwhelper
2016-05-09 13:48 - 2015-05-29 22:41 - 00000000 __SHD C:\AI_RecycleBin
2016-05-08 16:56 - 2015-12-26 13:16 - 00000000 ____D C:\Users\Kiwi\AppData\Local\UnrealEngine
2016-05-08 11:45 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-24 00:43 - 2016-03-28 16:51 - 0001456 _____ () C:\Users\Kiwi\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2016-06-03 18:06 - 2016-06-03 18:06 - 0131792 _____ () C:\Users\Kiwi\AppData\Local\recently-used.xbel
2015-06-07 02:41 - 2015-06-07 02:41 - 0007605 _____ () C:\Users\Kiwi\AppData\Local\Resmon.ResmonCfg
2014-06-08 16:27 - 2016-05-15 02:23 - 0002703 _____ () C:\ProgramData\flcd_proxy.log
2013-03-30 00:02 - 2013-03-30 00:14 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Einige Dateien in TEMP:
====================
C:\Users\Kiwi\AppData\Local\Temp\libeay32.dll
C:\Users\Kiwi\AppData\Local\Temp\msvcr120.dll
C:\Users\Kiwi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-28 00:28

==================== Ende von FRST.txt ============================

Addition

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-06-2016 01
durchgeführt von Kiwi (2016-06-05 14:58:56)
Gestartet von C:\Users\Kiwi\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-04-20 15:20:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1078192431-239819200-2145751044-500 - Administrator - Disabled)
Gast (S-1-5-21-1078192431-239819200-2145751044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1078192431-239819200-2145751044-1003 - Limited - Enabled)
Kiwi (S-1-5-21-1078192431-239819200-2145751044-1000 - Administrator - Enabled) => C:\Users\Kiwi
Mcx1-KIWI-PC (S-1-5-21-1078192431-239819200-2145751044-1001 - Limited - Enabled) => C:\Users\Mcx1-KIWI-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Access 97rt PAN EURO G (HKLM-x32\...\Access 97rt PAN EURO G) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
CLAN (HKLM-x32\...\{00868CD9-BEB1-4D2C-8307-4AD82C48501A}) (Version: 2.11.00 - CMU)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.42.13482.16 - Electronic Arts)
Fragen-Lern-CD 4.3 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1) (Version: 4.3.5 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.3 (x32 Version: 4.3.5 - Wendel-Verlag GmbH) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel(R) Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Yu-Gi-Oh! The Dawn of a New Era Version 5.0.18.3673 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.0.18.3673 - Kaiba Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0071A13B-6B94-46F2-9FB6-ADE22483D5A5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-KIWI-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {0CC6A309-3F84-4134-8FFB-9171C1FE2932} - System32\Tasks\{1DBE5654-06A6-4930-B238-0DF98147764A} => pcalua.exe -a C:\Users\Kiwi\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe -c /UNINSTALL PARTNER=10557
Task: {172DF47C-9163-4CC4-AB32-7BB276417631} - System32\Tasks\{45912AD4-8F33-4D8D-9554-A80AA320F031} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {1AE6AEA5-5C3E-4F4B-BC06-6AAD7A21D250} - System32\Tasks\{173E985D-BE0F-4425-BDB3-341AF9AB4146} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {2191EFF0-B8A4-4E70-AB0C-A64B67600B84} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {2585F3CA-5711-4D62-B6F5-A199FED58DC7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2B2EA069-9304-4BDF-AF20-4B017C27CC4C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2B428C53-209C-48C4-A188-624C9CA70FF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C96134A-FC2F-4E4B-9EF9-2700AD0D00E6} - System32\Tasks\{66823191-2EB3-47EC-A19A-02C731EA27C2} => pcalua.exe -a E:\dx7ager.exe -d E:\
Task: {4ABB64DA-07A2-46BD-A64B-3E69D48CEC3E} - System32\Tasks\{8CE18D4A-43FB-4D4B-BD63-0B634CDFAFA1} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4C7DC039-C318-4A43-B7A9-728234D2A737} - System32\Tasks\{AF90126A-79C8-4274-AD4E-38A1B3BDC08D} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {5CEE0A7A-9A24-42B3-A8C4-B264A07E3434} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6672CE13-36D9-4D89-A012-3893126F7B86} - System32\Tasks\{3F24D816-EF75-43E8-9F64-50F1E3DB735E} => pcalua.exe -a C:\Users\Kiwi\Desktop\PESEdit.com_2012_Patch_3.3.1\Installer.exe -d C:\Users\Kiwi\Desktop\PESEdit.com_2012_Patch_3.3.1
Task: {7466DEB7-CB2E-42E6-8A50-621C46C0643E} - System32\Tasks\{60731E58-7FFB-4725-8A0E-4938AF74C082} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {803F5571-B947-425E-A2A9-40FFBEC293E0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {83CE7615-E7E2-40A5-A872-AC1C004B734C} - System32\Tasks\{79A0981F-23F9-4972-A067-D5910A7DAAE0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {883A3927-A45D-4675-BF91-F2EFFA4ACB36} - System32\Tasks\{3670FBCA-2A3C-470A-B293-977CB288DA46} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {91981B81-7214-48D1-A774-78CBDD928779} - System32\Tasks\{045A154F-0301-4AE9-858C-C7E12566F748} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {99519820-DA6F-4713-802E-8FF328DFC9A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A5ED77AC-6AED-406F-9953-2B16D36EB5F3} - System32\Tasks\{EE93492B-829F-46B8-8BA2-7225EA8C38FE} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {AB7F177B-533D-4559-A658-B5260C43D430} - System32\Tasks\{05376299-63E3-40B4-B000-3BAC939D67C1} => pcalua.exe -a C:\Users\Kiwi\Desktop\epson375890eu.exe -d C:\Users\Kiwi\Desktop
Task: {B6E36C48-A49B-486E-B433-02EA71117731} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-04] (AVAST Software)
Task: {BA07FC55-F1EB-4D5A-8725-902184DD8A13} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCAB8935-3339-458D-8B1B-0C0E79442CB0} - System32\Tasks\{B1D11270-DC0A-443F-A2C2-7886CB6545AC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {C04C3B6E-DB4A-4790-9455-7A5DB41505BC} - System32\Tasks\{5877E4B1-A854-461D-A464-83E4E03E4047} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {C515F816-D0D4-48C2-81DE-84D0EAB44AC6} - System32\Tasks\{87B8B25C-F246-4C50-A323-E5115EC007AB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {D2100B8D-CFCF-4F46-B4C7-38B6BF8FF944} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe 
Task: {D31D2427-00AE-4BC4-8DF4-2F9F421DDFBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB898384-D1F3-4649-9244-0A6C28D7214B} - System32\Tasks\{C4C55CCC-9DBF-451F-B551-657EA06F68C0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {DC416041-539F-4378-B0DE-9585A0443A5A} - System32\Tasks\{D3869556-B4D2-45ED-9BB6-9B033BF40786} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E69AC183-3C16-4AB6-BE2C-67EEFE889F79} - System32\Tasks\{8FE250CF-A532-4D2A-89E2-D971EBC570C8} => pcalua.exe -a C:\Users\Kiwi\Desktop\epson29817eu.exe -d C:\Users\Kiwi\Desktop
Task: {E88DA03D-B7F8-4978-9C38-D24035CD37F9} - System32\Tasks\{6E7BB2E2-DB0B-46AD-A7FD-CD4EBAE55CA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/de/abandoninstall?page=tsProgressBar
Task: {EB234CD3-AE7B-4C04-BA18-B6510C3CA55B} - System32\Tasks\{BCDD38EF-0904-43CC-B055-D9F7168A70CD} => D:\StreamTransport\StreamTransport.exe
Task: {F2679F97-D496-4E85-BCBD-70F9956D2763} - System32\Tasks\{B08A6FA7-7E3B-4CDF-8D07-44CDA2804BD1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {F560CC06-3682-441B-A3E7-77352D1C586D} - System32\Tasks\{78685E25-AE26-47B9-BD42-866A20EDC10B} => pcalua.exe -a C:\Users\Kiwi\Downloads\streaming_optimizer_setup.exe -d C:\Users\Kiwi\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-04 18:51 - 2016-06-04 18:51 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060402\algo.dll
2016-06-05 11:41 - 2016-06-05 11:41 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060500\algo.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-04 18:52 - 2016-06-04 18:52 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-15 13:06 - 2016-01-15 13:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2012-04-20 17:58 - 2012-02-21 06:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2016-05-16 11:14 - 2016-05-16 11:14 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94298785-BBE7-4803-9808-176D43C4E216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9688D9CD-38B3-4C6C-85A2-93D8171E3856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A6853C33-7D72-4FBC-8627-2A87A55919CA}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [UDP Query User{E0A83EAB-E379-46B6-827E-F0CB77D07E10}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [TCP Query User{01277258-7A3B-4271-9FE7-D4C8607EFA3C}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{05AF7882-6A87-4B7F-985A-466333B07AC9}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [TCP Query User{D4FD44CC-6F86-465D-9660-EE25780533C4}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [UDP Query User{F5DB8AF0-02B2-47B5-B66A-FD4CD46F78C6}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [TCP Query User{ABDBE795-B056-45E6-9256-94B5C1A48326}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{6B65D548-037A-4A83-8228-4BE7B053A9CC}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{4A90897E-CD4A-4603-A076-2F7603EC17D8}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{8F60A005-04AB-475E-A786-8BFE92808589}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [TCP Query User{49375053-5C68-432F-9781-AC33999F0008}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{4AD3975C-C6E2-4052-AC09-49C919E916C0}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{76CCD08E-FDC4-45B3-BBE4-7F35660D2830}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6177E29A-7E97-423E-9E31-7D391AC1DB6F}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{AF591D2A-0520-4C36-93B3-14AEDAF3A549}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F983E86F-E76F-4B3D-A004-ACA22CB80938}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{9E4C7613-42CC-4CE2-A645-F2BF96921709}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{30B4081A-2283-41D8-9FBB-B08E8024C881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{36FD5D36-DF53-4F09-9EDD-152F3F4BA620}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{09310F29-FC7C-4CB4-AB3C-5CA3164757C9}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{EB6E2773-E0F1-4B00-9466-22FB253C88ED}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E34E6481-9AD7-43AC-AD41-2D8092EDD9CB}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{B6D4044F-D5C8-4087-9B41-7C656EFD9149}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FD68BD03-E04C-4AF5-AEEE-5DAB69C75FB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C43B7741-5F17-4FBD-BD41-891C55C5ACAD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E59ABD5C-70B2-4F9C-9BB8-B01DBD44F9EF}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [UDP Query User{98E8DCE4-788A-4E6B-93D6-5579ED579B1E}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{E71AEEB1-01BD-41AA-8F36-CFF524807B0C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A8BDF807-1C34-419B-A7F5-0D1075FD766C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DF9C7B38-72C8-4905-BF17-15E3D33793AC}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0394E352-ADD2-4B0C-B227-441231BCE97D}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [{8DC61941-EEDE-4959-9AA0-EAD07FDC4DE9}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7D198C55-19F3-4229-8FD4-E8894F94A13D}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F74C777F-9F65-4418-9779-CBFA100AE30E}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{98DFE08A-1684-455A-A9A4-6264C9E3F784}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{77167C1C-9004-42E2-9BA7-1FBC770B7E89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C324AD62-C264-434E-AD50-8685C9A654C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{46242EFF-72ED-474C-A15E-17507B313216}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFD8F70A-D886-49EE-BDA7-ECAB1088734E}C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [UDP Query User{5D149EAF-08DC-4881-953D-68177630FAE6}C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\kiwi\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [{98C691AC-BCA1-43BD-9DF9-86705F0542F8}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{64A1F775-9F00-4698-BB1C-30234E5E4C75}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{2FF169A4-6B8B-47B4-8724-AE2FCC1B5015}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{F35D6A8D-B3A8-4C01-8956-EBA0A2DF5B1B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{C93155AD-0155-461F-9200-3B8A9E14577B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF829D10-FEE8-4A39-895B-5A270CB8193F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{556741C3-6B18-407D-A36B-2E33091DB2CD}] => (Allow) D:\npsasvr.exe
FirewallRules: [{E36BC25E-DAF0-4A7E-89B8-6EEB3D37F4C7}] => (Allow) D:\npsasvr.exe
FirewallRules: [{4068BB2E-1E2B-4B35-A5F3-830CC0C31A87}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{06CE6F3F-592D-40F3-9352-212C5AF4B359}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{9EA2F439-5C3C-4CC5-A09F-71ABF4F3AB84}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A69E688A-D28D-4D8A-92D0-74756BE0349B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0A5FCF11-E7F2-4F81-9F43-71AF4D6374F6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{9D2AAA30-7887-4F75-B937-F8B714C15C8C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7ECB53BC-7C99-47EC-83B1-9E05FC1B6A23}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{97DB5C82-F495-4902-ACD7-510997B2EE11}] => (Allow) D:\StreamTransport\StreamTransport.exe
FirewallRules: [{716BC0D0-1D25-43E9-A230-8EA33CE2D2A5}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{08418CE3-8F62-44A4-8427-9FEBFFE542FB}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{4DB46D3E-89B2-4A48-97DA-D4B31BB69641}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2B73FA99-F875-4992-9F10-37F78CD7C608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{839203F3-6FB1-4A71-A6D8-55A3530559BE}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{931D8042-D7F8-4BAC-AF66-577D7C07848B}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [{24D79C9B-F04D-4DD1-9AC8-DE551E973D29}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{DB568B39-2853-4E83-86ED-072619304E66}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{9BC2BE4F-CBA0-452C-ADB7-C843FAEC4C4B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{58F6E409-1128-40CF-A0B4-CCF101E13DB9}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{8C338048-DB27-4E2D-AB8A-EF82FE816AD8}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{4A2AAC95-CF70-474E-8F42-93ADB0BBACEA}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{2FF460ED-3A3F-42C9-B13C-C4F4BCFCA5FB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9F962D63-AAB8-4A21-9AB1-AAB1E92CD4DF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{7BD7B874-0A59-4FC8-8A51-FCCBEDB68F2B}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9E5E263C-06E1-47A5-A607-570E8913142E}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{AF1BE002-5DF9-49DB-9145-04F4668498F6}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{F4D10470-C05D-491B-BB38-A505DC6CCC69}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{CB0C0078-85B0-4BF4-BBC0-630D2D2202DC}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{59363F5C-D949-438C-8544-4D249C34DC65}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{C70883A0-C343-41E3-B6BD-7D75865A5D5B}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{7A33FBBA-2C4D-4668-9632-DF6FC4552E40}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70753751-3DB1-40ED-8051-0596499DD5B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{E6DDD641-730A-4647-AD3B-E24C9EBCCB4B}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{182BB2E6-6C64-471C-8223-2505E76A5767}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{230FAD66-FB36-4227-A0C8-BF67D7A62877}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{A2D05491-07CD-4924-8153-BC7A29505700}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{DAAF45B6-8A2F-473C-9BB7-04244E6D50CF}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{5B58AC55-CA8F-452E-B796-F9E7DF687BDB}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{547129D6-5A14-46E5-B11B-3F6E0BB6B0A4}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CD4EAC82-11C2-41B7-86B1-5FC4CF7619D2}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{7A2DA5E6-C4A7-4F59-B65D-AC48A61064E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{187A1EF0-5558-447C-ABEE-625AC07A723B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{1EFB4A3A-6113-464D-9528-6EFA205A6E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADFE4FBE-FA82-47D6-BE12-EBA70E0FEABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4698300-FE10-4715-ABB4-759C70195532}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{565E985C-046A-435D-9649-07DF5E0AAC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{120151B5-E836-42AA-A43F-F12932CF806B}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD028901-4F2F-450B-91FE-A8B8511A3286}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E57FF4CC-B1B1-4B8F-BD57-76A4C85D51E4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{6E64CD84-569D-4E8E-A92A-1C23B704609A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{9493AB36-6106-4E5A-8BDF-7EBAC795628B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BF076DB4-D3A7-4E77-AAF4-3839952B55CE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D876D33F-1264-49BE-9A61-B16E46CAF5E6}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC86322E-CB9C-41A2-9B64-10C49211D7DE}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{80AB14D5-B8B1-404B-B0EF-C5A0771A73C4}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{616A93E8-729A-4587-9737-1CCCC073ED67}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{853CB42B-6954-4CB0-A55F-85113F6167D9}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{79697550-E990-4CB2-B1D3-DDD86435FDD1}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{C987FDDC-F65B-449B-BFF2-4FA740BC63A7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{73F40D76-BDD1-4270-82AD-B45115637DA7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{B3907EE7-BC18-4B43-AFF5-F98C05A393B4}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{5D0EC131-F3A2-441C-879B-65985643F81C}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{2F0557AB-20B4-46A3-B1FA-D078CCA96F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2952665-C19C-4084-AFBA-A48D1D4A9B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0839F3-9AAE-466B-845D-9F77E52F6AC2}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{3B7FB2AB-AAF6-4B4D-83CB-B6CBD1D7C406}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [TCP Query User{333F4A8D-430F-4B7E-ADF2-59365C8CF461}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{EB132654-F851-4A98-8A41-0EB2F2AE92C3}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{D86ACBF1-3A3D-4A4D-84CB-5EB369FC731F}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{23BFFDB7-A160-4F4E-B04B-287A8C85404D}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{A072177C-7188-4EB4-9846-1CD55AD8E934}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{87EFAD7E-30EF-4BB3-BD5F-5856BD2137FB}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{767A0D3E-6CDA-4093-A469-3A663F938684}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{616DC7E5-3F34-4A8B-B0FA-6103B60F28FC}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{29D906A8-E74A-4DA3-ACBC-45028C63EA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC24542D-87FB-4406-A45F-253E11FBC154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99A9A41A-755D-43C9-8C04-46EB23AFF018}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14AADFB8-C9E9-45A1-8A3C-41637D7193A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{867181B9-03AF-45B7-8A7F-766A660EB38E}] => (Allow) D:\itunes (1)\iTunes.exe
FirewallRules: [TCP Query User{445EBC5A-5F72-45F8-9CDE-396279860252}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{48A911E9-B5BC-47ED-B564-05B06D084A4B}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{CA96D09B-8060-4B2D-81B8-E34C4152E478}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{315A886A-E2EB-418F-A831-FA16E3DF8731}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50FC1106-9F83-42E5-8EEB-61B864B36071}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{81B05483-E256-4251-B0F4-B14AC17CA6DB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe

==================== Wiederherstellungspunkte =========================

05-06-2016 02:28:06 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/05/2016 11:52:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/05/2016 11:42:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 02:05:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/05/2016 01:55:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 01:28:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/05/2016 01:18:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2016 09:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9033

Error: (06/04/2016 09:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9033

Error: (06/04/2016 09:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2016 09:18:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019


Systemfehler:
=============
Error: (06/05/2016 11:42:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/05/2016 11:41:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2016 01:55:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/05/2016 01:55:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2016 01:18:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/05/2016 01:17:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2016 01:17:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intel(R) Small Business Advantage" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1115

Error: (06/05/2016 01:17:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109

Error: (06/05/2016 01:17:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109

Error: (06/05/2016 01:17:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 8130.21 MB
Verfügbarer physikalischer RAM: 5341.07 MB
Summe virtueller Speicher: 8828.38 MB
Verfügbarer virtueller Speicher: 5716.97 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.69 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:39.8 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1FE31042)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

deeprybka · 05.06.2016, 14:16

Was ist den mit den Proxyeinträgen beim Firefox? Können die weg?

Deuterium · 05.06.2016, 17:11

Ja, die werden nicht mehr gebraucht

deeprybka · 05.06.2016, 17:18

Onlinepasswörter regelmäßig ändern. Accounts werden meist online gehackt und nicht über den PC. Sind Daten mal im Internet, kannste nichts dagegen machen.

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\Kiwi\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
FF NetworkProxy: 
EmptyTemp:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Entfernen-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Wir haben es geschafft!

Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken (z.B. hier) in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.

Meine Kauf-Empfehlung:

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Deuterium · 05.06.2016, 20:35

Hier noch der Inhalt aus der Fixlog-Datei

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
durchgeführt von Kiwi (2016-06-05 21:19:52) Run:2
Gestartet von C:\Users\Kiwi\Desktop
Geladene Profile: Kiwi (Verfügbare Profile: Kiwi & Mcx1-KIWI-PC)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\Kiwi\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
FF NetworkProxy: 
EmptyTemp:
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Wert nicht gefunden.
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Wert nicht gefunden.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk => nicht gefunden.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wert nicht gefunden.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Wert nicht gefunden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert nicht gefunden.
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Wert nicht gefunden.
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} => Schlüssel nicht gefunden. 
HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Schlüssel nicht gefunden. 
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert nicht gefunden.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Schlüssel nicht gefunden. 
FF NetworkProxy: => nicht gefunden
EmptyTemp: => 59.7 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:20:24 ====

Wenn nichts mehr zu sehen ist, sollte ich auch wieder ohne Sorgen auf Dienste wie Online-Banking o.ä. zugreifen können, oder?
Und die Dateien, die nach dem Scan mit Malwarebytes in die Quarantäne verschoben wurden, werden doch sicher auch komplett gelöscht und verbleiben nicht auf dem PC, falls ich das Programm deinstallieren sollte?

Ansonsten kann ich nur sagen, vielen Dank für die schnelle und gute Hilfe

deeprybka · 06.06.2016, 10:36

Hat Dir der Fix so gut gefallen, dass ihn gleich zweimal gemacht hast was?

Das was MBAM "gelöscht" hat waren Registryeinträge. Das sind keine Dateien die zurückbleiben können. Stell Dir vor, Du hast ein Textdokument und die löschst Wörter und speicherst die Datei dann wieder. Die Wörter sind weg....

Online Banking ist doch immer sicher, solange Du bei der TAN Eingabe vorsichtig bist.

05.06.2016, 11:02	#6
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche? Schritt 1 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden. __________________ --> Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an

05.06.2016, 14:16	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an Was ist den mit den Proxyeinträgen beim Firefox? Können die weg? __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an

Log-Analyse und Auswertung: Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an