
Log analysis and evaluation: cloudfront.net and other things removed - Is everything clean now?


30.05.2017, 20:40   #1
uxel
 



Hello again,
(Second attempt, since the first post apparently didn't go through)

I removed the cloudfront.net virus following the guide here:
http://www.trojaner-board.de/148787-...entfernen.html

I kept getting malware detections in MBAM beforehand, hence this whole exercise.

I have Windows 10 Pro x64, Malwarebytes Anti Malware Free (still as Premium Trial) and Avast Free.

The question is whether my computer is clean now, or whether I need to do more.

Here are all the logs with detections, in chronological order:

AdwCleaner:
Code:
# AdwCleaner v6.047 - Bericht erstellt am 30/05/2017 um 10:15:38
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-05-26.6 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : ***** - DESKTOP-NEE8C9I
# Gestartet von : D:\Downloads\adwcleaner_6.047__1_.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Users\*****\AppData\Roaming\aMule
Ordner Gefunden: C:\ProgramData\vCore
Ordner Gefunden: C:\Program Files (x86)\VLC UPDATER
Ordner Gefunden: C:\Users\*****\AppData\Roaming\Firefox
Ordner Gefunden: C:\Users\*****\AppData\Local\Firefox
Ordner Gefunden: C:\ProgramData\BIT


***** [ Dateien ] *****

Datei Gefunden: C:\END
Datei Gefunden: C:\Users\Public\Documents\temp.dat
Datei Gefunden: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: Qhtherberile
Aufgabe Gefunden: Microsoft\Windows\Media Center\VCore


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Schlüssel Gefunden: HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Software\VideoBox
Schlüssel Gefunden: HKCU\Software\VideoBox
Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot
Schlüssel Gefunden: HKLM\SOFTWARE\msServer
Schlüssel Gefunden: HKLM\SOFTWARE\Dayglad
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
Schlüssel Gefunden: [x64] HKCU\Software\VideoBox
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\InterSect Alliance
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-632498878-1310639711-2934333010-1001\Products\9E2C7D317E80988449FF787E7081E435
Wert Gefunden: HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VLC Updater]
Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2683 Bytes] - [30/05/2017 10:15:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2756 Bytes] ##########
         
Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by ***** (Administrator) on 30.05.2017 at 10:32:29,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\extensions\trash (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_***** (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_*****.job (Task) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2017 at 10:33:46,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET Online Scanner (with by far the most and the biggest detections):
Code:
C:\Insist\nne.pwb	Variante von Win32/Adware.ELEX.NL Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\5af10c005214dd08f47949cd530a94d1[1]	Win32/Adware.ELEX.OQ Anwendung
D:\Downloads\IObit Uninstaller - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
D:\Downloads\PDF24 Creator - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
G:\DESKTOP-NEE8C9I\Backup Set 2016-08-25 235255\Backup Files 2016-08-25 235255\Backup files 9.zip	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
G:\DESKTOP-NEE8C9I\Backup Set 2016-09-12 110409\Backup Files 2016-09-12 110409\Backup files 9.zip	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\background_fault\bf (2017_05_06 16_44_53 UTC).dll	Variante von Win32/Adware.ELEX.QJ Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\CSHMDR\Snare (2017_05_18 18_13_01 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\CSHMDR\Snare (2017_05_18 23_25_39 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\CWASRE\Snare (2017_05_16 09_41_08 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\cache2\entries\48F911975B9356E821A9ACD3201E206B97ADA600 (2017_05_10 17_47_37 UTC)	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\edabkpso.default\cache2\entries\6A9BA8FBC8B47DDD2C13589459B37392373B7BD5 (2017_02_25 22_39_40 UTC)	HTML/Refresh.BC Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\edabkpso.default\cache2\entries\F1584D7E4BF342407D91F81A8280B9D0F4923C35 (2017_02_25 22_39_40 UTC)	HTML/Refresh.BC Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\SNARE\Snare (2017_04_28 15_25_47 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\SNARE\Snare (2017_05_01 18_36_30 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\@rdC7B (2017_05_18 15_25_27 UTC).tmp	Variante von Win32/Adware.ELEX.QK Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\trotux (2017_02_25 22_39_40 UTC).msi	Variante von Win32/Adware.ELEX.HD Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\videobox (2017_02_25 22_39_40 UTC).exe	Variante von Win32/Adware.OxyPumper.BD Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bk67FB (2017_04_28 15_25_47 UTC).tmp	Variante von Win32/Adware.ELEX.OA Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bk67FC (2017_04_28 15_25_47 UTC).tmp	Mehrere Bedrohungen
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bk6C78 (2017_04_12 13_38_40 UTC).tmp	Variante von Win32/Adware.ELEX.KX Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bkF08E (2017_05_11 17_26_35 UTC).tmp	Mehrere Bedrohungen
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bkF08F (2017_05_11 17_26_35 UTC).tmp	Mehrere Bedrohungen
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\0\SSS (2017_04_28 15_25_47 UTC).dll	Variante von Win32/Adware.ELEX.OA Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\VNASRE\Snare (2017_05_10 17_47_37 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\WANARE\Snare (2017_05_05 22_11_17 UTC).dll	Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Roaming\WinSAPSvc\WinSAP (2017_05_16 09_41_08 UTC).dll	Variante von Win32/Adware.ELEX.QM Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Roaming\WinSAPSvc\WinSAP (2017_05_18 15_25_27 UTC).dll	Variante von Win32/Adware.ELEX.QM Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\D\Downloads\IObit Uninstaller - CHIP-Installer (2017_05_10 15_43_12 UTC).exe	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\D\Downloads\PDF24 Creator - CHIP-Installer (2016_09_12 17_53_17 UTC).exe	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
         
And here are FRST and Addition:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
durchgeführt von ****** (Administrator) auf DESKTOP-NEE8C9I (30-05-2017 19:35:12)
Gestartet von D:\Downloads
Geladene Profile: ****** (Verfügbare Profile: ******)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(AVAST Software s.r.o.) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\WindowsApps\ZattooEuropaAG.ZattooLiveTV_4.5.107.0_x64__cwpjhwd4pd0ma\Zattoo.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(freenet TV Player) D:\Program Files (x86)\freenet TV Player\freenet TV Player.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2016-07-30] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-05-14] ()
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [World of Tanks] => D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-05-12]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicy: Beschränkung <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4beea3e3-899f-4d05-a6a5-2d83c6087d76}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-632498878-1310639711-2934333010-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0ksa54iq.default-1493836180353
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 [2017-05-30]
FF Homepage: Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 -> about:home
FF Extension: (I don't care about cookies) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2017-05-03]
FF Extension: (Adblock Plus) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-09-26] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @FortinetCacheClean -> D:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> D:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> D:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 FA_Scheduler; D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [Datei ist nicht signiert]
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 IObitUnSvr; D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-30] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2016-07-30] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-04] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2016-10-05] (Sony Mobile Communications)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-05-06] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-30] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
S3 RTL2831UBDA; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-12] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-05-30 19:34 - 2017-05-30 19:35 - 00000000 ____D C:\FRST
2017-05-30 18:51 - 2017-05-30 18:51 - 00009628 _____ C:\Users\******\Desktop\ESET Bericht.txt
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-30 10:33 - 2017-05-30 10:33 - 00000903 _____ C:\Users\******\Desktop\JRT.txt
2017-05-30 10:29 - 2017-05-30 10:29 - 00001834 _____ C:\Users\******\Desktop\sc-cleaner.txt
2017-05-30 10:14 - 2017-05-30 10:23 - 00000000 ____D C:\AdwCleaner
2017-05-29 17:28 - 2017-05-29 18:58 - 00000000 ____D C:\Users\******\AppData\Roaming\EndNote
2017-05-29 12:43 - 2017-05-29 12:43 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-27 11:34 - 2017-05-27 11:34 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-05-22 11:55 - 2017-05-22 11:55 - 00001236 _____ C:\Users\******\Desktop\Firefox.lnk
2017-05-19 13:12 - 2017-05-30 16:28 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 13:12 - 2017-05-30 10:24 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 13:12 - 2017-05-30 10:24 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 13:12 - 2017-05-30 10:24 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00000974 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 13:12 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 12:31 - 2017-05-19 12:31 - 00000000 ____D C:\Users\******\AppData\Local\Macromedia
2017-05-18 16:44 - 2017-05-19 12:43 - 00003475 _____ C:\Users\******\AppData\Roaming\go00001.bak
2017-05-18 13:56 - 2017-05-18 13:56 - 00000000 ____D C:\Users\******\AppData\Local\PeerDistRepub
2017-05-17 22:55 - 2017-05-17 22:55 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-17 22:55 - 2017-05-17 22:55 - 00000000 ____D C:\Program Files (x86)\Skype
2017-05-17 12:54 - 2017-05-30 19:12 - 00000000 ____D C:\Users\******\AppData\LocalLow\Mozilla
2017-05-17 11:29 - 2017-05-17 11:29 - 00000000 ____D C:\Users\******\AppData\Roaming\Sun
2017-05-17 11:24 - 2017-05-29 09:13 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\******\AppData\Local\VirtualStore
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\******\AppData\Local\DBG
2017-05-16 12:58 - 2017-05-16 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
2017-05-12 14:50 - 2017-05-30 01:55 - 00004421 _____ C:\Users\******\AppData\Roaming\VoiceMeeterDefault.xml
2017-05-12 14:46 - 2017-05-12 14:46 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files\VB
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files (x86)\VB
2017-05-12 14:05 - 2017-05-12 14:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-12 14:05 - 2017-05-12 14:05 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-12 14:05 - 2017-05-12 14:05 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-12 14:04 - 2017-05-12 14:04 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-12 14:04 - 2017-05-12 14:04 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-12 14:04 - 2017-05-12 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-12 14:02 - 2017-05-12 13:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-12 14:01 - 2017-05-12 14:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-12 13:23 - 2017-05-12 13:23 - 00000020 ___SH C:\Users\******\ntuser.ini
2017-05-12 13:19 - 2017-05-30 10:30 - 02803596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-12 13:15 - 2017-05-30 10:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 13:15 - 2017-05-12 13:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-12 13:15 - 2017-05-12 13:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00003392 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469838226
2017-05-12 13:15 - 2017-05-12 13:15 - 00003332 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-12 13:15 - 2017-05-12 13:15 - 00002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-12 13:15 - 2017-05-12 13:15 - 00002668 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00002254 _____ C:\WINDOWS\System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12}
2017-05-12 13:15 - 2017-05-12 13:15 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-12 13:10 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-12 13:10 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-12 13:09 - 2017-05-30 14:46 - 00000000 ____D C:\Users\******
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Vorlagen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Startmenü
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Netzwerkumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Lokale Einstellungen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Eigene Dateien
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Druckumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\AppData\Local\Verlauf
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\AppData\Local\Anwendungsdaten
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Anwendungsdaten
2017-05-12 13:09 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-12 13:09 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-12 13:08 - 2017-05-25 08:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-12 13:08 - 2017-05-13 13:23 - 00390432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____D C:\Program Files\VIA
2017-05-11 18:06 - 2017-05-11 18:06 - 00001100 _____ C:\Users\******\Desktop\TWD Staffel 7 - Verknüpfung.lnk
2017-05-11 17:48 - 2017-05-17 11:23 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-11 01:10 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 15:25 - 2017-05-10 15:25 - 00000000 ____D C:\Users\******\AppData\Local\UNP
2017-05-10 11:24 - 2017-05-10 11:24 - 00001252 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk
2017-05-09 19:10 - 2017-05-09 19:10 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-05-09 19:09 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 19:09 - 2017-05-09 19:11 - 00000000 ____D C:\Program Files\UNP
2017-05-09 18:10 - 2017-05-09 18:12 - 00000000 ____D C:\Users\******\AppData\Roaming\IObit
2017-05-09 18:10 - 2017-05-09 18:10 - 00000000 ____D C:\Users\******\AppData\LocalLow\IObit
2017-05-09 18:09 - 2017-05-09 18:09 - 00000000 ____D C:\Users\******\AppData\Local\Downloaded Installations
2017-05-09 17:25 - 2017-05-11 18:06 - 00016896 ___SH C:\Users\******\Desktop\Thumbs.db
2017-05-09 17:06 - 2017-05-09 17:06 - 00001402 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.exe - Verknüpfung.lnk
2017-05-09 16:55 - 2017-05-09 16:55 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-06 14:41 - 2017-05-17 11:26 - 00000831 _____ C:\Users\Public\Desktop\freenet TV Player.lnk
2017-05-06 14:41 - 2017-05-17 11:25 - 00000000 ____D C:\Users\******\AppData\Roaming\freenet TV Player
2017-05-06 14:41 - 2017-05-06 14:41 - 00098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusbk.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusb0.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusb0.sys
2017-05-05 17:47 - 2017-05-05 17:47 - 00000000 ____D C:\Users\******\AppData\Local\Bluestacks
2017-05-05 17:46 - 2017-05-05 17:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-05-04 10:44 - 2017-05-04 10:44 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-03 18:39 - 2017-05-03 18:39 - 00000000 ____D C:\Program Files (x86)\IIS
2017-05-03 18:38 - 2017-05-03 18:38 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-05-30 19:25 - 2016-07-30 23:50 - 00000000 ____D C:\Users\******\AppData\Roaming\Skype
2017-05-30 10:30 - 2017-03-20 06:41 - 01325726 _____ C:\WINDOWS\system32\perfh007.dat
2017-05-30 10:30 - 2017-03-20 06:41 - 00315848 _____ C:\WINDOWS\system32\perfc007.dat
2017-05-30 10:25 - 2016-08-01 15:52 - 00000000 ____D C:\Users\******\AppData\Local\Overwolf
2017-05-30 10:23 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-30 09:51 - 2016-07-30 10:49 - 00202476 _____ C:\WINDOWS\hpoins14.dat
2017-05-30 09:49 - 2015-10-30 09:24 - 00000127 _____ C:\WINDOWS\win.ini
2017-05-29 12:43 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-29 12:42 - 2016-07-30 00:25 - 00000000 ____D C:\Users\******\AppData\Roaming\Adobe
2017-05-29 09:12 - 2016-07-30 00:25 - 00000000 ____D C:\Users\******\AppData\Local\Packages
2017-05-28 23:52 - 2016-08-01 15:54 - 00000000 ____D C:\Users\******\AppData\Roaming\TS3Client
2017-05-27 11:35 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-27 11:33 - 2016-08-01 04:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-05-27 11:18 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-24 12:41 - 2016-07-30 10:20 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2017-05-23 12:08 - 2016-07-31 00:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 12:06 - 2016-07-31 00:14 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-21 21:09 - 2016-07-30 00:27 - 00000000 ____D C:\Users\******\AppData\Local\Comms
2017-05-19 15:14 - 2017-04-26 16:23 - 00000000 ____D C:\Insist
2017-05-18 09:40 - 2017-03-30 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-18 09:40 - 2016-07-30 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-17 12:54 - 2016-07-30 00:32 - 00000000 ____D C:\Users\******\AppData\Roaming\Mozilla
2017-05-17 11:26 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-17 11:23 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\security
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-17 11:23 - 2016-07-30 00:31 - 00000000 ____D C:\Users\******\AppData\Local\MicrosoftEdge
2017-05-17 11:23 - 2014-04-09 23:47 - 00000000 ____D C:\temp
2017-05-16 11:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-16 11:30 - 2016-08-01 16:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-12 22:44 - 2016-07-30 02:21 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2017-05-12 14:07 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-12 13:25 - 2016-07-30 00:28 - 00002428 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-12 13:24 - 2016-09-30 09:57 - 00000000 ____D C:\Users\******\AppData\Local\ConnectedDevicesPlatform
2017-05-12 13:23 - 2016-04-27 07:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-12 13:18 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-12 13:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-12 13:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-12 13:15 - 2017-03-20 06:43 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-12 13:15 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-12 13:15 - 2016-09-30 09:54 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-12 13:13 - 2016-08-01 16:00 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-05-12 13:13 - 2016-08-01 15:17 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-05-12 13:13 - 2016-08-01 03:10 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-05-12 13:13 - 2016-07-30 01:42 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-12 13:11 - 2016-07-30 00:21 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-12 13:10 - 2017-02-11 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-12 13:10 - 2016-07-30 02:08 - 00000000 ____D C:\Program Files\Intel
2017-05-12 13:10 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-12 13:09 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-08 12:53 - 2016-09-26 01:02 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-05 15:12 - 2017-02-05 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 10:44 - 2017-03-02 21:09 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-04 10:44 - 2016-07-30 02:22 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-03 18:37 - 2017-04-28 16:48 - 00000000 _____ C:\WINDOWS\SysWOW64\11

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-05-18 16:44 - 2017-05-19 12:43 - 0003475 _____ () C:\Users\******\AppData\Roaming\go00001.bak
2017-05-12 14:50 - 2017-05-30 01:55 - 0004421 _____ () C:\Users\******\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-01 04:09 - 2016-08-01 04:09 - 0000042 _____ () C:\Users\******\AppData\Roaming\WB.CFG
2017-04-05 20:20 - 2017-04-05 20:20 - 0007602 _____ () C:\Users\******\AppData\Local\Resmon.ResmonCfg
2016-07-30 10:49 - 2017-05-30 09:51 - 0008122 _____ () C:\ProgramData\hpzinstall.log
2017-05-16 11:32 - 2017-05-16 12:58 - 0003475 _____ () C:\ProgramData\_MC000001.bak

Einige Dateien in TEMP:
====================
2017-05-29 17:25 - 2013-04-24 20:16 - 0250080 _____ (Thomson Reuters) C:\Users\******\AppData\Local\Temp\Risweb32.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-05-22 14:04

==================== Ende von FRST.txt ============================
         




Addition.txt no longer fit, so it is attached.

Best regards
uxel
Attached files
File type: txt Addition.txt (40.0 KB, viewed 78 times)

Edited by uxel (30.05.2017 at 20:43). Reason: attachment

01.06.2017, 15:55   #2
M-K-D-B
/// TB Instructor
 









My name is Matthias and I will help you clean up your computer.

To make the cleanup as effective and fast as possible, please observe the following notes:
  1. If we find signs of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  2. Always read my instructions carefully, work through all steps one after another in the given order, and always post all log files (even if nothing was found). If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  3. If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  4. During the cleanup, please do not install or uninstall anything unless I ask you to!
    I also ask you not to run any security programs on your own initiative to check/clean your computer, since that way I can easily lose track.
    Besides, in that case you could have spared yourself opening a thread in the first place if you then go back to tinkering on your own.

  5. Please note: Download at filepony.de: how to download our tools correctly!
  6. All programs to be used must be saved to the desktop ( C:\users\your user name\Desktop\ ) and started from there as administrator!
  7. Some of the programs we use here may be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "evil" and raise an alarm. These are false alarms which you can safely ignore. If necessary, you must disable your security software before running a program so that our cleanup operations are not impaired.
  8. If the log files ever exceed the permitted length (~ 120,000 characters), split the log files across several posts.
    If need be, you can also zip the log files (pack them into a .zip archive) and upload them as an attachment.

  9. Please keep working with me until I tell you that we are finished and your computer is "clean". Symptoms disappearing early does not automatically mean that your computer is already completely clean.
  10. As a rule I reply to you within 24 hours, often considerably faster.
    However, I too have a regular job and a family. I am therefore not here in the forum for hours every day. Under some circumstances it may take up to 2 days until you receive a reply from me. If this time has been exceeded, you are welcome to send me a PM as a reminder.





Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it correctly. If everything is right ... click Reply (Antworten).

Thanks for your cooperation!







Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the web page's input window)







Step 2
Please download TDSSKiller TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.







Please post with your next reply
  • the log file from TDSSKiller,
  • the two new log files from FRST.

01.06.2017, 22:18   #3
uxel
 



I did that.

The scan found nothing.

Here is the TDSSKiller log:
Code:
22:03:51.0625 0x7ae8  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
22:03:51.0625 0x7ae8  UEFI system
22:03:56.0667 0x7ae8  ============================================================
22:03:56.0667 0x7ae8  Current date / time: 2017/06/01 22:03:56.0667
22:03:56.0667 0x7ae8  SystemInfo:
22:03:56.0667 0x7ae8  
22:03:56.0667 0x7ae8  OS Version: 10.0.15063 ServicePack: 0.0
22:03:56.0667 0x7ae8  Product type: Workstation
22:03:56.0667 0x7ae8  ComputerName: DESKTOP-NEE8C9I
22:03:56.0667 0x7ae8  UserName: axelk
22:03:56.0667 0x7ae8  Windows directory: C:\WINDOWS
22:03:56.0668 0x7ae8  System windows directory: C:\WINDOWS
22:03:56.0668 0x7ae8  Running under WOW64
22:03:56.0668 0x7ae8  Processor architecture: Intel x64
22:03:56.0668 0x7ae8  Number of processors: 8
22:03:56.0668 0x7ae8  Page size: 0x1000
22:03:56.0668 0x7ae8  Boot type: Normal boot
22:03:56.0668 0x7ae8  CodeIntegrityOptions = 0x00000001
22:03:56.0668 0x7ae8  ============================================================
22:03:56.0774 0x7ae8  KLMD registered as C:\WINDOWS\system32\drivers\19189366.sys
22:03:56.0774 0x7ae8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19
22:03:56.0911 0x7ae8  System UUID: {486AD69C-ECB4-9D27-F5DD-EEF6199E5781}
22:03:57.0412 0x7ae8  Drive \Device\Harddisk0\DR0 - Size: 0x1D5849E000 ( 117.38 Gb ), SectorSize: 0x200, Cylinders: 0x3BDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:57.0426 0x7ae8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:57.0437 0x7ae8  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:03:57.0472 0x7ae8  Drive \Device\Harddisk3\DR3 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:03:57.0954 0x7ae8  ============================================================
22:03:57.0954 0x7ae8  \Device\Harddisk0\DR0:
22:03:57.0955 0x7ae8  GPT partitions:
22:03:57.0956 0x7ae8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AF873563-F0A6-4FB6-9E59-993E504B6DFC}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
22:03:57.0956 0x7ae8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F784AABF-FC0A-4FE5-B76E-B9DB70A3ECE3}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
22:03:57.0956 0x7ae8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {71596DC4-BC1E-4FF8-B8B3-26AB4AC0149A}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xE96E4CF
22:03:57.0956 0x7ae8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BBB0E218-70A4-49BC-886C-A6A9BC02B9E8}, Name: , StartLBA 0xE9E1000, BlocksNum 0xE1000
22:03:57.0956 0x7ae8  MBR partitions:
22:03:57.0956 0x7ae8  \Device\Harddisk1\DR1:
22:03:57.0956 0x7ae8  MBR partitions:
22:03:57.0956 0x7ae8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:03:57.0956 0x7ae8  \Device\Harddisk2\DR2:
22:03:57.0960 0x7ae8  MBR partitions:
22:03:57.0960 0x7ae8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
22:03:57.0960 0x7ae8  \Device\Harddisk3\DR3:
22:03:57.0961 0x7ae8  MBR partitions:
22:03:57.0961 0x7ae8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
22:03:57.0961 0x7ae8  ============================================================
22:03:57.0963 0x7ae8  C: <-> \Device\Harddisk0\DR0\Partition3
22:03:57.0989 0x7ae8  D: <-> \Device\Harddisk1\DR1\Partition1
22:03:58.0001 0x7ae8  G: <-> \Device\Harddisk2\DR2\Partition1
22:03:58.0021 0x7ae8  H: <-> \Device\Harddisk3\DR3\Partition1
22:03:58.0021 0x7ae8  ============================================================
22:03:58.0021 0x7ae8  Initialize success
22:03:58.0021 0x7ae8  ============================================================
22:04:10.0117 0x7afc  ============================================================
22:04:10.0117 0x7afc  Scan started
22:04:10.0117 0x7afc  Mode: Manual; 
22:04:10.0117 0x7afc  ============================================================
22:04:10.0117 0x7afc  KSN ping started
22:04:10.0497 0x7afc  KSN ping finished: true
22:04:11.0830 0x7afc  ================ Scan system memory ========================
22:04:11.0830 0x7afc  System memory - ok
22:04:11.0830 0x7afc  ================ Scan services =============================
22:04:11.0889 0x7afc  1394ohci - ok
22:04:11.0892 0x7afc  3ware - ok
22:04:11.0895 0x7afc  ACPI - ok
22:04:11.0897 0x7afc  AcpiDev - ok
22:04:11.0900 0x7afc  acpiex - ok
22:04:11.0904 0x7afc  acpipagr - ok
22:04:11.0908 0x7afc  AcpiPmi - ok
22:04:11.0912 0x7afc  acpitime - ok
22:04:11.0920 0x7afc  [ 8D6BA8E7676038A27FD4ECF12CC744B0, F5D59B764DCB4A06A51939533DC7B2391FD68E3979C48939C023A60DCE0D2101 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:04:11.0922 0x7afc  AdobeARMservice - ok
22:04:11.0960 0x7afc  [ E6A1D864EC90F4397DF5AB2633B34DD4, 05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:04:11.0964 0x7afc  AdobeFlashPlayerUpdateSvc - ok
22:04:11.0971 0x7afc  ADP80XX - ok
22:04:11.0974 0x7afc  AFD - ok
22:04:12.0024 0x7afc  [ 078B785A7533B7059A236017B3B060A4, 43B3E716009136A5A5A86BF8546DE6C416CA3B7F8EEC242D9D44EF12111B7A6E ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
22:04:12.0055 0x7afc  AGSService - ok
22:04:12.0060 0x7afc  ahcache - ok
22:04:12.0064 0x7afc  AJRouter - ok
22:04:12.0067 0x7afc  ALG - ok
22:04:12.0070 0x7afc  AmdK8 - ok
22:04:12.0072 0x7afc  AmdPPM - ok
22:04:12.0075 0x7afc  amdsata - ok
22:04:12.0078 0x7afc  amdsbs - ok
22:04:12.0081 0x7afc  amdxata - ok
22:04:12.0086 0x7afc  AppID - ok
22:04:12.0090 0x7afc  AppIDSvc - ok
22:04:12.0093 0x7afc  Appinfo - ok
22:04:12.0096 0x7afc  applockerfltr - ok
22:04:12.0099 0x7afc  AppMgmt - ok
22:04:12.0103 0x7afc  AppReadiness - ok
22:04:12.0108 0x7afc  AppVClient - ok
22:04:12.0111 0x7afc  AppvStrm - ok
22:04:12.0115 0x7afc  AppvVemgr - ok
22:04:12.0118 0x7afc  AppvVfs - ok
22:04:12.0123 0x7afc  AppXSvc - ok
22:04:12.0126 0x7afc  arcsas - ok
22:04:12.0362 0x7afc  [ A760C2AFBA1A71E0F7310A6E900CB0E4, 3827C8D4DFC3FC850E9BD049E1B127BD1076DDEFDA19BBA9445FF201F6AE99F8 ] aswbIDSAgent    D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
22:04:12.0467 0x7afc  aswbIDSAgent - ok
22:04:12.0486 0x7afc  [ 0C19C91ED99964925FF8B05C23743AB1, BF513CCC0E5D2D2CE7D06F17ABC34CD3A55B59588267A5868ADFB723454AF6EB ] aswbidsdriver   C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
22:04:12.0491 0x7afc  aswbidsdriver - ok
22:04:12.0499 0x7afc  [ 670839F4BA6D82F3035AADFE8274F02E, E4E8B1F3B9138CB2600158CC8507CBA31637E48BBA4D67398E05970B2CECA671 ] aswbidsh        C:\WINDOWS\system32\drivers\aswbidsha.sys
22:04:12.0503 0x7afc  aswbidsh - ok
22:04:12.0521 0x7afc  [ 5C561968CF601D76A98692DCC8CF74ED, 26D0F34CE4485A813200032CE6889575A13196E79A4B124DD19E4584B0C102DC ] aswblog         C:\WINDOWS\system32\drivers\aswbloga.sys
22:04:12.0526 0x7afc  aswblog - ok
22:04:12.0531 0x7afc  [ 335E5F19E7397A283B7ED20FE7B369EB, 6A31ABA0BA671EA796E8920EBD64DB28D3D7EB65C4FF68C3EB1DEF4FFC002163 ] aswbuniv        C:\WINDOWS\system32\drivers\aswbuniva.sys
22:04:12.0532 0x7afc  aswbuniv - ok
22:04:12.0538 0x7afc  [ BA02CA77D989710F79FD662019C4DF94, 2E989847BEE92EB8DE7492DE7AB9B4658CEFC38E678346B7548E6ECB528300D6 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
22:04:12.0540 0x7afc  aswHwid - ok
22:04:12.0546 0x7afc  [ 5E6FD2CB74138C6AF591779D2619BD6C, 7410384AE4280156451EB1EAC5CBA9E44834C49BD5A31049339895D5994AEF4E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
22:04:12.0547 0x7afc  aswKbd - ok
22:04:12.0553 0x7afc  [ 2B1490F2F1CC76C9C9B61CE63D6E7973, BFD456C598E74974B81453805ADD0792BD9636BF8213306F40029560B20DE036 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
22:04:12.0555 0x7afc  aswMonFlt - ok
22:04:12.0562 0x7afc  [ F26D1F761E14789743275FA5D258EAB8, D532AD4DFFC73BE8A889B75BB50D33FFF674B5AB31F05AA75D9E0667363057F1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
22:04:12.0564 0x7afc  aswRdr - ok
22:04:12.0573 0x7afc  [ C1007774450CFAB19D784D50C3410FC7, 2752FD77412D54D78A81DED9F05F094E589BCA5E360ECD420E28ECC844D35921 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
22:04:12.0574 0x7afc  aswRvrt - ok
22:04:12.0597 0x7afc  [ EB1991686949400C51B8C21CE013621E, 248545BDD5E8D1BD2D752AF7D3B77E8F1EA6453FD3B007851A04E9B634966448 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
22:04:12.0612 0x7afc  aswSnx - ok
22:04:12.0654 0x7afc  [ 7A17BD26C74F5329CB1DF029AE4DD357, 31F98B74F6BC2D75BDC83E3E2E60C9541D57912B6DF2C8A9241F3CFB17E0ACBB ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
22:04:12.0663 0x7afc  aswSP - ok
22:04:12.0670 0x7afc  [ 2933CBC7643168E4288D443B4125941C, 19DF1EB9F3EBF2496633D8D789E56EC8A59CF664ECC12A6BF69045BC2BC6CF48 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
22:04:12.0672 0x7afc  aswStm - ok
22:04:12.0683 0x7afc  [ E76C21203E29F2DCC489EF585E0B1A38, F64B8F5F2EFA10ADD64DE0574ADDE05DF1DFDEACF0E72879C9DD6DEB037E01A3 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
22:04:12.0689 0x7afc  aswVmm - ok
22:04:12.0692 0x7afc  AsyncMac - ok
22:04:12.0695 0x7afc  atapi - ok
22:04:12.0698 0x7afc  AudioEndpointBuilder - ok
22:04:12.0701 0x7afc  Audiosrv - ok
22:04:12.0731 0x7afc  [ D961A7C05A76302E782B1B0CF6546BA7, DAE7481B4FFC0746944213D10EF59C21BBA9937138D660E72E63F43BCDC1F799 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:04:12.0735 0x7afc  avast! Antivirus - ok
22:04:12.0739 0x7afc  AxInstSV - ok
22:04:12.0742 0x7afc  b06bdrv - ok
22:04:12.0745 0x7afc  BasicDisplay - ok
22:04:12.0749 0x7afc  BasicRender - ok
22:04:12.0753 0x7afc  bcmfn2 - ok
22:04:12.0757 0x7afc  BDESVC - ok
22:04:12.0759 0x7afc  Beep - ok
22:04:12.0762 0x7afc  BFE - ok
22:04:12.0767 0x7afc  BITS - ok
22:04:12.0769 0x7afc  bowser - ok
22:04:12.0772 0x7afc  BrokerInfrastructure - ok
22:04:12.0775 0x7afc  Browser - ok
22:04:12.0792 0x7afc  [ 7E4E0B9A11389F6D1A8657AD31CFB165, D5ADD4D87C5A4E008AE015934A2B122823E43CAA0C2C993D98B497150F18B30D ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
22:04:12.0798 0x7afc  BstHdAndroidSvc - ok
22:04:12.0805 0x7afc  [ 4FC8D35A60FD9D989AF412EA2AEDF8C0, 67AFAC5ED61B9CCFCA2F26DAD2A2A6BBC8416186493E75A3FE001A61BB76E8A7 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
22:04:12.0808 0x7afc  BstHdDrv - ok
22:04:12.0819 0x7afc  [ 843630045FBB149868082DB8BA6EFE14, 300C9B21889CEF6124342A0CC5C2ECADD699E0F30AEE7647C910E9F860B2FB26 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
22:04:12.0825 0x7afc  BstHdLogRotatorSvc - ok
22:04:12.0836 0x7afc  [ F976A48D46630A5A6455FB41EA83A97F, 78A05373DCE31487D46BA5D994EEF8874D5D87580A550CA0047C424D7CC87158 ] BstHdPlusAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
22:04:12.0843 0x7afc  BstHdPlusAndroidSvc - ok
22:04:12.0852 0x7afc  [ 7DB8EE09821A6D81A19A6591C9B8AA3A, 0A9A826560884F95D64BDC8A2076AE33FB718A3A59C0BBEC48E48A5FB907ACA4 ] BstkDrv         C:\Program Files (x86)\BlueStacks\BstkDrv.sys
22:04:12.0856 0x7afc  BstkDrv - ok
22:04:12.0860 0x7afc  BthAvrcpTg - ok
22:04:12.0864 0x7afc  BthHFEnum - ok
22:04:12.0868 0x7afc  bthhfhid - ok
22:04:12.0871 0x7afc  BthHFSrv - ok
22:04:12.0874 0x7afc  BTHMODEM - ok
22:04:12.0878 0x7afc  bthserv - ok
22:04:12.0881 0x7afc  buttonconverter - ok
22:04:12.0885 0x7afc  CAD - ok
22:04:12.0888 0x7afc  CapImg - ok
22:04:12.0891 0x7afc  cdfs - ok
22:04:12.0895 0x7afc  CDPSvc - ok
22:04:12.0898 0x7afc  CDPUserSvc - ok
22:04:12.0905 0x7afc  cdrom - ok
22:04:12.0908 0x7afc  CertPropSvc - ok
22:04:12.0912 0x7afc  cht4iscsi - ok
22:04:12.0915 0x7afc  cht4vbd - ok
22:04:12.0917 0x7afc  circlass - ok
22:04:12.0920 0x7afc  CldFlt - ok
22:04:12.0923 0x7afc  CLFS - ok
22:04:13.0019 0x7afc  [ F6ED2A874E4FC4FC95F544088F0523F4, F5F239A666288373ED93C6F13EC14FC4AC7257ABF117A7DD97F20070F8EC2205 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
22:04:13.0083 0x7afc  ClickToRunSvc - ok
22:04:13.0092 0x7afc  ClipSVC - ok
22:04:13.0095 0x7afc  clreg - ok
22:04:13.0101 0x7afc  CmBatt - ok
22:04:13.0105 0x7afc  CNG - ok
22:04:13.0108 0x7afc  cnghwassist - ok
22:04:13.0126 0x7afc  CompositeBus - ok
22:04:13.0130 0x7afc  COMSysApp - ok
22:04:13.0133 0x7afc  condrv - ok
22:04:13.0136 0x7afc  CoreMessagingRegistrar - ok
22:04:13.0141 0x7afc  CryptSvc - ok
22:04:13.0144 0x7afc  CSC - ok
22:04:13.0149 0x7afc  CscService - ok
22:04:13.0152 0x7afc  dam - ok
22:04:13.0156 0x7afc  DcomLaunch - ok
22:04:13.0159 0x7afc  defragsvc - ok
22:04:13.0162 0x7afc  DeviceAssociationService - ok
22:04:13.0166 0x7afc  DeviceInstall - ok
22:04:13.0169 0x7afc  DevicesFlowUserSvc - ok
22:04:13.0173 0x7afc  DevQueryBroker - ok
22:04:13.0175 0x7afc  Dfsc - ok
22:04:13.0178 0x7afc  Dhcp - ok
22:04:13.0181 0x7afc  diagnosticshub.standardcollector.service - ok
22:04:13.0185 0x7afc  DiagTrack - ok
22:04:13.0189 0x7afc  Disk - ok
22:04:13.0192 0x7afc  DmEnrollmentSvc - ok
22:04:13.0195 0x7afc  dmvsc - ok
22:04:13.0198 0x7afc  dmwappushservice - ok
22:04:13.0201 0x7afc  Dnscache - ok
22:04:13.0205 0x7afc  dot3svc - ok
22:04:13.0215 0x7afc  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:04:13.0218 0x7afc  dot4 - ok
22:04:13.0222 0x7afc  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
22:04:13.0223 0x7afc  Dot4Print - ok
22:04:13.0229 0x7afc  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:04:13.0230 0x7afc  dot4usb - ok
22:04:13.0233 0x7afc  DPS - ok
22:04:13.0236 0x7afc  drmkaud - ok
22:04:13.0239 0x7afc  DsmSvc - ok
22:04:13.0243 0x7afc  DsSvc - ok
22:04:13.0246 0x7afc  DusmSvc - ok
22:04:13.0254 0x7afc  DXGKrnl - ok
22:04:13.0257 0x7afc  EapHost - ok
22:04:13.0259 0x7afc  ebdrv - ok
22:04:13.0263 0x7afc  EFS - ok
22:04:13.0266 0x7afc  EhStorClass - ok
22:04:13.0269 0x7afc  EhStorTcgDrv - ok
22:04:13.0273 0x7afc  embeddedmode - ok
22:04:13.0275 0x7afc  EntAppSvc - ok
22:04:13.0278 0x7afc  ErrDev - ok
22:04:13.0284 0x7afc  [ 233DB99476B8D1CF61AC1177D0137036, E5EF1F30891050729B248013B4D7881FC556D259E2BE3F51980C3A247D3F5950 ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
22:04:13.0286 0x7afc  ESProtectionDriver - ok
22:04:13.0291 0x7afc  EventSystem - ok
22:04:13.0294 0x7afc  exfat - ok
22:04:13.0297 0x7afc  fastfat - ok
22:04:13.0300 0x7afc  Fax - ok
22:04:13.0358 0x7afc  [ 3FB162167962F3AB2934F7952D10081C, C70AD64EC3D76F7C3630DD95851D56A6DC35A741C55143F4B07D146A074F84B3 ] FA_Scheduler    D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
22:04:13.0360 0x7afc  FA_Scheduler - ok
22:04:13.0364 0x7afc  fdc - ok
22:04:13.0367 0x7afc  fdPHost - ok
22:04:13.0371 0x7afc  FDResPub - ok
22:04:13.0373 0x7afc  fhsvc - ok
22:04:13.0377 0x7afc  FileCrypt - ok
22:04:13.0380 0x7afc  FileInfo - ok
22:04:13.0382 0x7afc  Filetrace - ok
22:04:13.0386 0x7afc  flpydisk - ok
22:04:13.0389 0x7afc  FltMgr - ok
22:04:13.0392 0x7afc  FontCache - ok
22:04:13.0395 0x7afc  [ 439F6B3617F4EB31978FF5F625D5CCB1, 0D75048C93222550409E58338909EBECC1589170430CD101D829003A798F7BDA ] fortiapd        C:\WINDOWS\system32\drivers\fortiapd.sys
22:04:13.0396 0x7afc  fortiapd - ok
22:04:13.0401 0x7afc  [ 56077470FFF7BC072384D14AA95254DA, 038969FB67EF2C78D2818AFCCD27137370DD04BF8F6AD427F949782EA4049FCD ] FortiFilter     C:\WINDOWS\system32\DRIVERS\FortiFilter.sys
22:04:13.0403 0x7afc  FortiFilter - ok
22:04:13.0408 0x7afc  [ 2C5377EEF5AAAA0A1BB52B8E257C567D, D01052597DD14C1BDAB00084A8AFDE496152E0F6B4CF08DB93AD39A7F67F4D72 ] FortiFW         C:\WINDOWS\system32\drivers\FortiFW2.sys
22:04:13.0409 0x7afc  FortiFW - ok
22:04:13.0416 0x7afc  [ E277011610D0ED77C353E66B80FB6CED, 3844155BE7EEC3FB9E8F66959DEFAE1D00AEE8B41939397DECADA7D4B8EEDEE1 ] Fortips         C:\WINDOWS\system32\drivers\fortips.sys
22:04:13.0419 0x7afc  Fortips - ok
22:04:13.0425 0x7afc  [ 2191EF19F37918A9F42A193D2FCE4DCD, 2E23DD1D34BF3C493F565BBED0022E450C8B721CB8FFC815CC0BD7417C7E7C21 ] fortisniff      C:\WINDOWS\system32\drivers\fortisniff2.sys
22:04:13.0427 0x7afc  fortisniff - ok
22:04:13.0430 0x7afc  FrameServer - ok
22:04:13.0434 0x7afc  FsDepends - ok
22:04:13.0437 0x7afc  Fs_Rec - ok
22:04:13.0442 0x7afc  [ 9000B3C397FFC56FD8CAB3CC1D517879, 3735CBA84F6C3568A82745FD89B66ECE95BC805BF8FAB573FAC6090ADDE76406 ] ft_vnic         C:\WINDOWS\System32\drivers\ftvnic.sys
22:04:13.0444 0x7afc  ft_vnic - ok
22:04:13.0447 0x7afc  fvevol - ok
22:04:13.0451 0x7afc  gencounter - ok
22:04:13.0454 0x7afc  genericusbfn - ok
22:04:13.0464 0x7afc  [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt           C:\WINDOWS\System32\drivers\ggflt.sys
22:04:13.0465 0x7afc  ggflt - ok
22:04:13.0470 0x7afc  [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc          C:\WINDOWS\System32\drivers\ggsomc.sys
22:04:13.0471 0x7afc  ggsomc - ok
22:04:13.0475 0x7afc  GPIOClx0101 - ok
22:04:13.0478 0x7afc  gpsvc - ok
22:04:13.0481 0x7afc  GpuEnergyDrv - ok
22:04:13.0486 0x7afc  HDAudBus - ok
22:04:13.0489 0x7afc  HidBatt - ok
22:04:13.0492 0x7afc  HidBth - ok
22:04:13.0495 0x7afc  hidi2c - ok
22:04:13.0497 0x7afc  hidinterrupt - ok
22:04:13.0501 0x7afc  HidIr - ok
22:04:13.0504 0x7afc  hidserv - ok
22:04:13.0507 0x7afc  HidUsb - ok
22:04:13.0510 0x7afc  HomeGroupListener - ok
22:04:13.0513 0x7afc  HomeGroupProvider - ok
22:04:13.0587 0x7afc  [ 930370725FA0FE272346583A7A7D6BDB, 98195638D548A6E5E574E062FDCF4E5833DDE834399787EC51C340699B6E5E64 ] hpqcxs08        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:04:13.0591 0x7afc  hpqcxs08 - ok
22:04:13.0610 0x7afc  [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:04:13.0612 0x7afc  hpqddsvc - ok
22:04:13.0617 0x7afc  HpSAMD - ok
22:04:13.0620 0x7afc  HTTP - ok
22:04:13.0628 0x7afc  HvHost - ok
22:04:13.0631 0x7afc  hvservice - ok
22:04:13.0634 0x7afc  hwpolicy - ok
22:04:13.0637 0x7afc  hyperkbd - ok
22:04:13.0640 0x7afc  i8042prt - ok
22:04:13.0644 0x7afc  iagpio - ok
22:04:13.0652 0x7afc  iai2c - ok
22:04:13.0656 0x7afc  iaLPSS2i_GPIO2 - ok
22:04:13.0661 0x7afc  iaLPSS2i_GPIO2_BXT_P - ok
22:04:13.0665 0x7afc  iaLPSS2i_I2C - ok
22:04:13.0669 0x7afc  iaLPSS2i_I2C_BXT_P - ok
22:04:13.0672 0x7afc  iaLPSSi_GPIO - ok
22:04:13.0675 0x7afc  iaLPSSi_I2C - ok
22:04:13.0678 0x7afc  iaStorAV - ok
22:04:13.0682 0x7afc  iaStorV - ok
22:04:13.0686 0x7afc  ibbus - ok
22:04:13.0690 0x7afc  icssvc - ok
22:04:13.0694 0x7afc  IKEEXT - ok
22:04:13.0699 0x7afc  IndirectKmd - ok
22:04:13.0704 0x7afc  intelide - ok
22:04:13.0708 0x7afc  intelpep - ok
22:04:13.0711 0x7afc  intelppm - ok
22:04:13.0742 0x7afc  [ CD6FE4D2E29D70D9E2AA587DE5978A15, 03BA3338E0178FCB6FC7792FE4BB2B836CEA8B791D53DD4E273AB48621397DC5 ] IObitUnSvr      D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
22:04:13.0748 0x7afc  IObitUnSvr - ok
22:04:13.0751 0x7afc  iorate - ok
22:04:13.0754 0x7afc  IpFilterDriver - ok
22:04:13.0759 0x7afc  iphlpsvc - ok
22:04:13.0762 0x7afc  IPMIDRV - ok
22:04:13.0766 0x7afc  IPNAT - ok
22:04:13.0772 0x7afc  IpxlatCfgSvc - ok
22:04:13.0775 0x7afc  irda - ok
22:04:13.0778 0x7afc  IRENUM - ok
22:04:13.0781 0x7afc  irmon - ok
22:04:13.0785 0x7afc  isapnp - ok
22:04:13.0796 0x7afc  iScsiPrt - ok
22:04:13.0799 0x7afc  kbdclass - ok
22:04:13.0803 0x7afc  kbdhid - ok
22:04:13.0807 0x7afc  kdnic - ok
22:04:13.0809 0x7afc  KeyIso - ok
22:04:13.0813 0x7afc  [ 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE ] KMS-R@1n        C:\Windows\KMS-R@1n.exe
22:04:13.0814 0x7afc  KMS-R@1n - ok
22:04:13.0817 0x7afc  KSecDD - ok
22:04:13.0820 0x7afc  KSecPkg - ok
22:04:13.0824 0x7afc  ksthunk - ok
22:04:13.0832 0x7afc  KtmRm - ok
22:04:13.0839 0x7afc  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\WINDOWS\System32\drivers\L1C63x64.sys
22:04:13.0841 0x7afc  L1C - ok
22:04:13.0846 0x7afc  LanmanServer - ok
22:04:13.0850 0x7afc  LanmanWorkstation - ok
22:04:13.0855 0x7afc  lfsvc - ok
22:04:13.0860 0x7afc  [ 16E18CED459B1824234890386EE66CD5, 8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989 ] libusb0         C:\WINDOWS\system32\DRIVERS\libusb0.sys
22:04:13.0862 0x7afc  libusb0 - ok
22:04:13.0869 0x7afc  LicenseManager - ok
22:04:13.0872 0x7afc  lltdio - ok
22:04:13.0876 0x7afc  lltdsvc - ok
22:04:13.0879 0x7afc  lmhosts - ok
22:04:13.0884 0x7afc  LSI_SAS - ok
22:04:13.0888 0x7afc  LSI_SAS2i - ok
22:04:13.0891 0x7afc  LSI_SAS3i - ok
22:04:13.0900 0x7afc  LSI_SSS - ok
22:04:13.0903 0x7afc  LSM - ok
22:04:13.0906 0x7afc  luafv - ok
22:04:13.0910 0x7afc  MapsBroker - ok
22:04:13.0914 0x7afc  mausbhost - ok
22:04:13.0917 0x7afc  mausbip - ok
22:04:13.0927 0x7afc  [ 4EA73F071D96F376DB3AB9EF81273B28, 683C362F9B7A0BEC7BA4C1231405FB312EAA9A21260976C084ABA8CA035E6136 ] MBAMChameleon   C:\WINDOWS\system32\drivers\MBAMChameleon.sys
22:04:13.0931 0x7afc  MBAMChameleon - ok
22:04:13.0942 0x7afc  [ C51267EE2726707D38C489C06DDF01ED, BFA9BFB8D2E1581CBF4833DC3D86A88C94B64B3B17D440894AEB111E749E4497 ] MBAMFarflt      C:\WINDOWS\system32\drivers\farflt.sys
22:04:13.0944 0x7afc  MBAMFarflt - ok
22:04:13.0954 0x7afc  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
22:04:13.0956 0x7afc  MBAMProtection - ok
22:04:14.0105 0x7afc  [ D76E56108E6482905D3FAEA0649919E4, E10285889570A01E544B027F4A17BA7242E5E3EF93D20A19B05091DB237C6DD1 ] MBAMService     D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
22:04:14.0167 0x7afc  MBAMService - ok
22:04:14.0180 0x7afc  [ 53283EB9998AC9350E14C35A880989DB, 11DD963C67DB7584742810C54BEC4871584413A1BAA8209F79AC923006DE45BB ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
22:04:14.0185 0x7afc  MBAMSwissArmy - ok
22:04:14.0193 0x7afc  [ BBFBEFBE4598AD6D8E3E821A0FEBDE79, D98CEB294E52167A47CEE7442FF31A44EDC1179069944613203BDC5D8B1B2A73 ] MBAMWebProtection C:\WINDOWS\system32\drivers\mwac.sys
22:04:14.0195 0x7afc  MBAMWebProtection - ok
22:04:14.0198 0x7afc  megasas - ok
22:04:14.0202 0x7afc  megasas2i - ok
22:04:14.0205 0x7afc  megasr - ok
22:04:14.0215 0x7afc  [ 6D1671CB2E5402F01D2F13ECF764CAA1, 4778630F602FE8F9B9112DC5BB7A179632000D10D80C28E93711404108FCC6E0 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
22:04:14.0219 0x7afc  MEIx64 - ok
22:04:14.0223 0x7afc  MessagingService - ok
22:04:14.0228 0x7afc  mlx4_bus - ok
22:04:14.0231 0x7afc  MMCSS - ok
22:04:14.0235 0x7afc  Modem - ok
22:04:14.0239 0x7afc  monitor - ok
22:04:14.0243 0x7afc  mouclass - ok
22:04:14.0246 0x7afc  mouhid - ok
22:04:14.0248 0x7afc  mountmgr - ok
22:04:14.0259 0x7afc  [ F7D0E1DDA812C25EE003070835706963, C293053B2B3B85F694B92DFE80E166726BE002FC7B3C5EBF3573980B64D1B097 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:04:14.0262 0x7afc  MozillaMaintenance - ok
22:04:14.0266 0x7afc  mpsdrv - ok
22:04:14.0270 0x7afc  MpsSvc - ok
22:04:14.0277 0x7afc  MRxDAV - ok
22:04:14.0280 0x7afc  mrxsmb - ok
22:04:14.0283 0x7afc  mrxsmb10 - ok
22:04:14.0287 0x7afc  mrxsmb20 - ok
22:04:14.0290 0x7afc  MsBridge - ok
22:04:14.0293 0x7afc  MSDTC - ok
22:04:14.0297 0x7afc  Msfs - ok
22:04:14.0301 0x7afc  msgpiowin32 - ok
22:04:14.0304 0x7afc  mshidkmdf - ok
22:04:14.0307 0x7afc  mshidumdf - ok
22:04:14.0310 0x7afc  msisadrv - ok
22:04:14.0314 0x7afc  MSiSCSI - ok
22:04:14.0318 0x7afc  msiserver - ok
22:04:14.0321 0x7afc  MSKSSRV - ok
22:04:14.0326 0x7afc  MsLldp - ok
22:04:14.0330 0x7afc  MSPCLOCK - ok
22:04:14.0333 0x7afc  MSPQM - ok
22:04:14.0337 0x7afc  MsRPC - ok
22:04:14.0341 0x7afc  MsSecFlt - ok
22:04:14.0344 0x7afc  mssmbios - ok
22:04:14.0347 0x7afc  MSTEE - ok
22:04:14.0351 0x7afc  MTConfig - ok
22:04:14.0354 0x7afc  Mup - ok
22:04:14.0357 0x7afc  mvumis - ok
22:04:14.0361 0x7afc  NativeWifiP - ok
22:04:14.0365 0x7afc  NaturalAuthentication - ok
22:04:14.0369 0x7afc  NcaSvc - ok
22:04:14.0372 0x7afc  NcbService - ok
22:04:14.0375 0x7afc  NcdAutoSetup - ok
22:04:14.0378 0x7afc  ndfltr - ok
22:04:14.0381 0x7afc  NDIS - ok
22:04:14.0385 0x7afc  NdisCap - ok
22:04:14.0388 0x7afc  NdisImPlatform - ok
22:04:14.0391 0x7afc  NdisTapi - ok
22:04:14.0394 0x7afc  Ndisuio - ok
22:04:14.0397 0x7afc  NdisVirtualBus - ok
22:04:14.0401 0x7afc  NdisWan - ok
22:04:14.0406 0x7afc  ndiswanlegacy - ok
22:04:14.0409 0x7afc  ndproxy - ok
22:04:14.0412 0x7afc  Ndu - ok
22:04:14.0417 0x7afc  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
22:04:14.0424 0x7afc  Net Driver HPZ12 - ok
22:04:14.0427 0x7afc  NetAdapterCx - ok
22:04:14.0430 0x7afc  NetBIOS - ok
22:04:14.0434 0x7afc  NetBT - ok
22:04:14.0437 0x7afc  Netlogon - ok
22:04:14.0442 0x7afc  Netman - ok
22:04:14.0445 0x7afc  netprofm - ok
22:04:14.0448 0x7afc  NetSetupSvc - ok
22:04:14.0459 0x7afc  NetTcpPortSharing - ok
22:04:14.0462 0x7afc  netvsc - ok
22:04:14.0469 0x7afc  NgcCtnrSvc - ok
22:04:14.0472 0x7afc  NgcSvc - ok
22:04:14.0475 0x7afc  NlaSvc - ok
22:04:14.0478 0x7afc  Npfs - ok
22:04:14.0482 0x7afc  npsvctrig - ok
22:04:14.0486 0x7afc  nsi - ok
22:04:14.0489 0x7afc  nsiproxy - ok
22:04:14.0493 0x7afc  NTFS - ok
22:04:14.0496 0x7afc  Null - ok
22:04:14.0500 0x7afc  nvdimmn - ok
22:04:14.0510 0x7afc  [ 6E256C42FD27FADEA9BDD2E98CB53FE4, 8E2BDADFCC4B0C7208E937462DDF9CD9810E1B66375BD22F26C5D94376BDEC44 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
22:04:14.0514 0x7afc  NVHDA - ok
22:04:14.0793 0x7afc  [ BD000446F0B4FA1E87E7D10356C49564, 95F495549F35FFD64D3132D46923D1502C10AC77E7031EE1DE629E218EC584E0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
22:04:14.0992 0x7afc  nvlddmkm - ok
22:04:15.0010 0x7afc  nvraid - ok
22:04:15.0013 0x7afc  nvstor - ok
22:04:15.0017 0x7afc  OneSyncSvc - ok
22:04:15.0111 0x7afc  [ 4FF47A8FEE5906C7243405F51E452614, 9DB7DD43BB8DA0487CE79241E226697F3F9726EA4A291722FD4B532C081092E6 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe
22:04:15.0142 0x7afc  Origin Client Service - ok
22:04:15.0221 0x7afc  [ CA0B62365F8189BC478DEDC3B6BC1E18, 3FBF94CD20F286D66A7CFE760191704123D26D8D5FAEE3C9F8F93E8AEDF13B41 ] Origin Web Helper Service D:\Program Files (x86)\Origin\OriginWebHelperService.exe
22:04:15.0252 0x7afc  Origin Web Helper Service - ok
22:04:15.0271 0x7afc  [ 2E66B6C7A68D5A72870AE7C4AFC837BD, D2A198BB97C5A0000F933E693E60539396AF58173B6CD8B184700F2C860915DE ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:04:15.0275 0x7afc  ose64 - ok
22:04:15.0302 0x7afc  [ 5DE4544D144DE1E0E0DDCA74C6635016, E22F0F050BF5619BF0CDB995849D44F1BC2D8A6A646F0288B44C239C933A4014 ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
22:04:15.0321 0x7afc  OverwolfUpdater - ok
22:04:15.0326 0x7afc  p2pimsvc - ok
22:04:15.0330 0x7afc  p2psvc - ok
22:04:15.0333 0x7afc  Parport - ok
22:04:15.0337 0x7afc  partmgr - ok
22:04:15.0341 0x7afc  PcaSvc - ok
22:04:15.0345 0x7afc  pci - ok
22:04:15.0348 0x7afc  pciide - ok
22:04:15.0351 0x7afc  pcmcia - ok
22:04:15.0355 0x7afc  pcw - ok
22:04:15.0358 0x7afc  pdc - ok
22:04:15.0361 0x7afc  PEAUTH - ok
22:04:15.0365 0x7afc  PeerDistSvc - ok
22:04:15.0369 0x7afc  percsas2i - ok
22:04:15.0374 0x7afc  percsas3i - ok
22:04:15.0398 0x7afc  PerfHost - ok
22:04:15.0407 0x7afc  PhoneSvc - ok
22:04:15.0411 0x7afc  PimIndexMaintenanceSvc - ok
22:04:15.0417 0x7afc  pla - ok
22:04:15.0420 0x7afc  PlugPlay - ok
22:04:15.0424 0x7afc  pmem - ok
22:04:15.0430 0x7afc  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
22:04:15.0437 0x7afc  Pml Driver HPZ12 - ok
22:04:15.0441 0x7afc  PNRPAutoReg - ok
22:04:15.0445 0x7afc  PNRPsvc - ok
22:04:15.0451 0x7afc  PolicyAgent - ok
22:04:15.0457 0x7afc  Power - ok
22:04:15.0463 0x7afc  [ ED29F9D445957946D6A62E3F65B9D98E, 4786047C45B272479DCB957BD2DF6D82B366EC3A13E745AA7784DCE944147472 ] pppop           C:\WINDOWS\System32\drivers\pppop64.sys
22:04:15.0466 0x7afc  pppop - ok
22:04:15.0470 0x7afc  PptpMiniport - ok
22:04:15.0531 0x7afc  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:04:15.0575 0x7afc  PrintNotify - ok
22:04:15.0582 0x7afc  Processor - ok
22:04:15.0586 0x7afc  ProfSvc - ok
22:04:15.0589 0x7afc  Psched - ok
22:04:15.0593 0x7afc  QWAVE - ok
22:04:15.0597 0x7afc  QWAVEdrv - ok
22:04:15.0600 0x7afc  RasAcd - ok
22:04:15.0605 0x7afc  RasAgileVpn - ok
22:04:15.0608 0x7afc  RasAuto - ok
22:04:15.0611 0x7afc  Rasl2tp - ok
22:04:15.0615 0x7afc  RasMan - ok
22:04:15.0619 0x7afc  RasPppoe - ok
22:04:15.0623 0x7afc  RasSstp - ok
22:04:15.0627 0x7afc  rdbss - ok
22:04:15.0634 0x7afc  rdpbus - ok
22:04:15.0638 0x7afc  RDPDR - ok
22:04:15.0645 0x7afc  RdpVideoMiniport - ok
22:04:15.0649 0x7afc  rdyboost - ok
22:04:15.0652 0x7afc  ReFS - ok
22:04:15.0655 0x7afc  ReFSv1 - ok
22:04:15.0662 0x7afc  RemoteAccess - ok
22:04:15.0665 0x7afc  RemoteRegistry - ok
22:04:15.0669 0x7afc  RetailDemo - ok
22:04:15.0673 0x7afc  RmSvc - ok
22:04:15.0676 0x7afc  RpcEptMapper - ok
22:04:15.0679 0x7afc  RpcLocator - ok
22:04:15.0683 0x7afc  RpcSs - ok
22:04:15.0687 0x7afc  rspndr - ok
22:04:15.0694 0x7afc  [ 38BC2EA9A3F77372AE1AE1A022AE1826, CCBCEC24535404FA8B7750F7A1F7DB5F422DC8EC77C6B877B1D2FBE283AE47E5 ] RTL2831UBDA     C:\WINDOWS\system32\drivers\RTL2831UBDA.sys
22:04:15.0697 0x7afc  RTL2831UBDA - ok
22:04:15.0702 0x7afc  [ 6D33D376247D88AD0CAAEC40AC2E44D0, 9773D77EABF549D0913EDC10EA6D6CE0BB8CA209721A3896672AF93F97A91665 ] RTL2831UUSB     C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys
22:04:15.0704 0x7afc  RTL2831UUSB - ok
22:04:15.0708 0x7afc  s3cap - ok
22:04:15.0712 0x7afc  SamSs - ok
22:04:15.0716 0x7afc  sbp2port - ok
22:04:15.0720 0x7afc  SCardSvr - ok
22:04:15.0723 0x7afc  ScDeviceEnum - ok
22:04:15.0728 0x7afc  scfilter - ok
22:04:15.0732 0x7afc  Schedule - ok
22:04:15.0735 0x7afc  scmbus - ok
22:04:15.0739 0x7afc  SCPolicySvc - ok
22:04:15.0742 0x7afc  sdbus - ok
22:04:15.0746 0x7afc  SDFRd - ok
22:04:15.0749 0x7afc  SDRSVC - ok
22:04:15.0753 0x7afc  sdstor - ok
22:04:15.0756 0x7afc  seclogon - ok
22:04:15.0760 0x7afc  SecurityHealthService - ok
22:04:15.0763 0x7afc  SEMgrSvc - ok
22:04:15.0767 0x7afc  SENS - ok
22:04:15.0771 0x7afc  Sense - ok
22:04:15.0775 0x7afc  SensorDataService - ok
22:04:15.0781 0x7afc  SensorService - ok
22:04:15.0785 0x7afc  SensrSvc - ok
22:04:15.0789 0x7afc  SerCx - ok
22:04:15.0792 0x7afc  SerCx2 - ok
22:04:15.0796 0x7afc  Serenum - ok
22:04:15.0799 0x7afc  Serial - ok
22:04:15.0802 0x7afc  sermouse - ok
22:04:15.0806 0x7afc  SessionEnv - ok
22:04:15.0810 0x7afc  sfloppy - ok
22:04:15.0815 0x7afc  SharedAccess - ok
22:04:15.0820 0x7afc  ShellHWDetection - ok
22:04:15.0825 0x7afc  shpamsvc - ok
22:04:15.0828 0x7afc  SiSRaid2 - ok
22:04:15.0832 0x7afc  SiSRaid4 - ok
22:04:15.0863 0x7afc  [ E6DA1192D36D2D29FF8387917C2D70A6, 6F6AB7A2E45D7E05F5ED0B08B1ED9FFA03BDBFAF5E80F8B9E2C4D6CF6F74B851 ] SkypeUpdate     D:\Program Files (x86)\Skype\Updater\Updater.exe
22:04:15.0868 0x7afc  SkypeUpdate - ok
22:04:15.0873 0x7afc  smphost - ok
22:04:15.0877 0x7afc  SmsRouter - ok
22:04:15.0882 0x7afc  SNMPTRAP - ok
22:04:15.0886 0x7afc  spaceport - ok
22:04:15.0890 0x7afc  SpatialGraphFilter - ok
22:04:15.0893 0x7afc  SpbCx - ok
22:04:15.0896 0x7afc  spectrum - ok
22:04:15.0900 0x7afc  Spooler - ok
22:04:15.0903 0x7afc  sppsvc - ok
22:04:15.0907 0x7afc  srv - ok
22:04:15.0912 0x7afc  srv2 - ok
22:04:15.0915 0x7afc  srvnet - ok
22:04:15.0919 0x7afc  SSDPSRV - ok
22:04:15.0923 0x7afc  SstpSvc - ok
22:04:15.0927 0x7afc  StateRepository - ok
22:04:15.0960 0x7afc  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:04:15.0980 0x7afc  Steam Client Service - ok
22:04:15.0986 0x7afc  stexstor - ok
22:04:15.0990 0x7afc  stisvc - ok
22:04:15.0993 0x7afc  storahci - ok
22:04:15.0997 0x7afc  storflt - ok
22:04:16.0001 0x7afc  stornvme - ok
22:04:16.0005 0x7afc  storqosflt - ok
22:04:16.0009 0x7afc  StorSvc - ok
22:04:16.0012 0x7afc  storufs - ok
22:04:16.0016 0x7afc  storvsc - ok
22:04:16.0020 0x7afc  svsvc - ok
22:04:16.0023 0x7afc  swenum - ok
22:04:16.0027 0x7afc  swprv - ok
22:04:16.0031 0x7afc  Synth3dVsc - ok
22:04:16.0035 0x7afc  SysMain - ok
22:04:16.0040 0x7afc  SystemEventsBroker - ok
22:04:16.0044 0x7afc  TabletInputService - ok
22:04:16.0048 0x7afc  TapiSrv - ok
22:04:16.0052 0x7afc  Tcpip - ok
22:04:16.0055 0x7afc  Tcpip6 - ok
22:04:16.0061 0x7afc  tcpipreg - ok
22:04:16.0068 0x7afc  tdx - ok
22:04:16.0275 0x7afc  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
22:04:16.0384 0x7afc  TeamViewer - ok
22:04:16.0394 0x7afc  terminpt - ok
22:04:16.0398 0x7afc  TermService - ok
22:04:16.0403 0x7afc  Themes - ok
22:04:16.0407 0x7afc  TieringEngineService - ok
22:04:16.0412 0x7afc  tiledatamodelsvc - ok
22:04:16.0416 0x7afc  TimeBrokerSvc - ok
22:04:16.0421 0x7afc  TokenBroker - ok
22:04:16.0426 0x7afc  TPM - ok
22:04:16.0430 0x7afc  TrkWks - ok
22:04:16.0434 0x7afc  TrustedInstaller - ok
22:04:16.0441 0x7afc  TsUsbFlt - ok
22:04:16.0446 0x7afc  TsUsbGD - ok
22:04:16.0450 0x7afc  tsusbhub - ok
22:04:16.0454 0x7afc  tunnel - ok
22:04:16.0459 0x7afc  tzautoupdate - ok
22:04:16.0463 0x7afc  UASPStor - ok
22:04:16.0469 0x7afc  UcmCx0101 - ok
22:04:16.0474 0x7afc  UcmTcpciCx0101 - ok
22:04:16.0478 0x7afc  UcmUcsi - ok
22:04:16.0484 0x7afc  Ucx01000 - ok
22:04:16.0489 0x7afc  UdeCx - ok
22:04:16.0494 0x7afc  udfs - ok
22:04:16.0497 0x7afc  UEFI - ok
22:04:16.0502 0x7afc  UevAgentDriver - ok
22:04:16.0508 0x7afc  UevAgentService - ok
22:04:16.0512 0x7afc  Ufx01000 - ok
22:04:16.0516 0x7afc  UfxChipidea - ok
22:04:16.0521 0x7afc  ufxsynopsys - ok
22:04:16.0532 0x7afc  UI0Detect - ok
22:04:16.0537 0x7afc  umbus - ok
22:04:16.0541 0x7afc  UmPass - ok
22:04:16.0545 0x7afc  UmRdpService - ok
22:04:16.0548 0x7afc  UnistoreSvc - ok
22:04:16.0555 0x7afc  upnphost - ok
22:04:16.0558 0x7afc  UrsChipidea - ok
22:04:16.0562 0x7afc  UrsCx01000 - ok
22:04:16.0566 0x7afc  UrsSynopsys - ok
22:04:16.0570 0x7afc  usbaudio - ok
22:04:16.0574 0x7afc  usbccgp - ok
22:04:16.0578 0x7afc  usbcir - ok
22:04:16.0582 0x7afc  usbehci - ok
22:04:16.0586 0x7afc  usbhub - ok
22:04:16.0590 0x7afc  USBHUB3 - ok
22:04:16.0595 0x7afc  usbohci - ok
22:04:16.0599 0x7afc  usbprint - ok
22:04:16.0605 0x7afc  [ 96B48485A7CC2C0A63C196A16403C5F3, 4E364DE1FE19D14D5BA4F4360563BB49F4DEC90430771C12376C0B1BB70CFD37 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:04:16.0607 0x7afc  usbscan - ok
22:04:16.0611 0x7afc  usbser - ok
22:04:16.0614 0x7afc  USBSTOR - ok
22:04:16.0619 0x7afc  usbuhci - ok
22:04:16.0622 0x7afc  USBXHCI - ok
22:04:16.0627 0x7afc  UserDataSvc - ok
22:04:16.0634 0x7afc  UserManager - ok
22:04:16.0638 0x7afc  UsoSvc - ok
22:04:16.0641 0x7afc  VaultSvc - ok
22:04:16.0646 0x7afc  [ 57BFF0ADE329BC2596F060A07D3AF2B9, CEC4CE14B8BB5DAB58F30399999703A4FFF601768890DB185D21C2C9EA3A5666 ] VBAudioVMVAIOMME C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys
22:04:16.0648 0x7afc  VBAudioVMVAIOMME - ok
22:04:16.0659 0x7afc  vdrvroot - ok
22:04:16.0663 0x7afc  vds - ok
22:04:16.0668 0x7afc  VerifierExt - ok
22:04:16.0671 0x7afc  vhdmp - ok
22:04:16.0675 0x7afc  vhf - ok
22:04:16.0693 0x7afc  [ 20D3701C516BB42F81A22EB727B9E419, 08A8D12626A322790C6679554D49AE388E33316121226DE9FCA9C22C8F509C56 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
22:04:16.0704 0x7afc  VIAHdAudAddService - ok
22:04:16.0710 0x7afc  [ 097A1A16F9F38715CEAA092DE626F517, 5D51D74C3264ADEA1A50F6620150B284E54C5294A548D1BC940B3B5FF5343998 ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
22:04:16.0724 0x7afc  VIAKaraokeService - ok
22:04:16.0729 0x7afc  vmbus - ok
22:04:16.0732 0x7afc  VMBusHID - ok
22:04:16.0736 0x7afc  vmgid - ok
22:04:16.0740 0x7afc  vmicguestinterface - ok
22:04:16.0744 0x7afc  vmicheartbeat - ok
22:04:16.0748 0x7afc  vmickvpexchange - ok
22:04:16.0752 0x7afc  vmicrdv - ok
22:04:16.0755 0x7afc  vmicshutdown - ok
22:04:16.0759 0x7afc  vmictimesync - ok
22:04:16.0764 0x7afc  vmicvmsession - ok
22:04:16.0768 0x7afc  vmicvss - ok
22:04:16.0773 0x7afc  volmgr - ok
22:04:16.0777 0x7afc  volmgrx - ok
22:04:16.0782 0x7afc  volsnap - ok
22:04:16.0787 0x7afc  volume - ok
22:04:16.0792 0x7afc  vpci - ok
22:04:16.0796 0x7afc  vsmraid - ok
22:04:16.0799 0x7afc  VSS - ok
22:04:16.0803 0x7afc  VSTXRAID - ok
22:04:16.0807 0x7afc  vwifibus - ok
22:04:16.0811 0x7afc  vwififlt - ok
22:04:16.0815 0x7afc  W32Time - ok
22:04:16.0818 0x7afc  WacomPen - ok
22:04:16.0827 0x7afc  WalletService - ok
22:04:16.0831 0x7afc  wanarp - ok
22:04:16.0835 0x7afc  wanarpv6 - ok
22:04:16.0840 0x7afc  wbengine - ok
22:04:16.0847 0x7afc  WbioSrvc - ok
22:04:16.0852 0x7afc  wcifs - ok
22:04:16.0856 0x7afc  Wcmsvc - ok
22:04:16.0860 0x7afc  wcncsvc - ok
22:04:16.0864 0x7afc  wcnfs - ok
22:04:16.0869 0x7afc  WdBoot - ok
22:04:16.0873 0x7afc  Wdf01000 - ok
22:04:16.0876 0x7afc  WdFilter - ok
22:04:16.0882 0x7afc  WdiServiceHost - ok
22:04:16.0887 0x7afc  WdiSystemHost - ok
22:04:16.0891 0x7afc  wdiwifi - ok
22:04:16.0895 0x7afc  WdNisDrv - ok
22:04:16.0899 0x7afc  WdNisSvc - ok
22:04:16.0904 0x7afc  WebClient - ok
22:04:16.0908 0x7afc  Wecsvc - ok
22:04:16.0912 0x7afc  WEPHOSTSVC - ok
22:04:16.0917 0x7afc  wercplsupport - ok
22:04:16.0922 0x7afc  WerSvc - ok
22:04:16.0927 0x7afc  WFDSConMgrSvc - ok
22:04:16.0931 0x7afc  WFPLWFS - ok
22:04:16.0936 0x7afc  WiaRpc - ok
22:04:16.0940 0x7afc  WIMMount - ok
22:04:16.0942 0x7afc  WinDefend - ok
22:04:16.0950 0x7afc  WindowsTrustedRT - ok
22:04:16.0954 0x7afc  WindowsTrustedRTProxy - ok
22:04:16.0958 0x7afc  WinHttpAutoProxySvc - ok
22:04:16.0962 0x7afc  WinMad - ok
22:04:16.0970 0x7afc  Winmgmt - ok
22:04:16.0974 0x7afc  WinNat - ok
22:04:16.0978 0x7afc  WinRM - ok
22:04:16.0987 0x7afc  WINUSB - ok
22:04:16.0991 0x7afc  WinVerbs - ok
22:04:16.0995 0x7afc  wisvc - ok
22:04:16.0999 0x7afc  WlanSvc - ok
22:04:17.0003 0x7afc  wlidsvc - ok
22:04:17.0008 0x7afc  wlpasvc - ok
22:04:17.0012 0x7afc  WmiAcpi - ok
22:04:17.0019 0x7afc  wmiApSrv - ok
22:04:17.0023 0x7afc  WMPNetworkSvc - ok
22:04:17.0032 0x7afc  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:04:17.0039 0x7afc  Wof - ok
22:04:17.0045 0x7afc  workfolderssvc - ok
22:04:17.0050 0x7afc  WPDBusEnum - ok
22:04:17.0054 0x7afc  WpdUpFltr - ok
22:04:17.0058 0x7afc  WpnService - ok
22:04:17.0062 0x7afc  WpnUserService - ok
22:04:17.0070 0x7afc  ws2ifsl - ok
22:04:17.0074 0x7afc  wscsvc - ok
22:04:17.0078 0x7afc  WSearch - ok
22:04:17.0087 0x7afc  wuauserv - ok
22:04:17.0091 0x7afc  WudfPf - ok
22:04:17.0094 0x7afc  WUDFRd - ok
22:04:17.0098 0x7afc  wudfsvc - ok
22:04:17.0102 0x7afc  WUDFWpdFs - ok
22:04:17.0107 0x7afc  WwanSvc - ok
22:04:17.0111 0x7afc  xbgm - ok
22:04:17.0115 0x7afc  XblAuthManager - ok
22:04:17.0119 0x7afc  XblGameSave - ok
22:04:17.0123 0x7afc  xboxgip - ok
22:04:17.0129 0x7afc  XboxGipSvc - ok
22:04:17.0134 0x7afc  XboxNetApiSvc - ok
22:04:17.0138 0x7afc  xinputhid - ok
22:04:17.0182 0x7afc  [ 322600D57876851514AE6DFE705EBF7C, 9AF962D9700B4103935A3A533515F7BA8B3EF66274B8CDE22CDC259A67AB599C ] XperiaCompanionService C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
22:04:17.0214 0x7afc  XperiaCompanionService - ok
22:04:17.0216 0x7afc  ================ Scan global ===============================
22:04:17.0229 0x7afc  [ Global ] - ok
22:04:17.0229 0x7afc  ================ Scan MBR ==================================
22:04:17.0231 0x7afc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:04:17.0240 0x7afc  \Device\Harddisk0\DR0 - ok
22:04:17.0251 0x7afc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:04:17.0260 0x7afc  \Device\Harddisk1\DR1 - ok
22:04:17.0276 0x7afc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
22:04:17.0282 0x7afc  \Device\Harddisk2\DR2 - ok
22:04:17.0286 0x7afc  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk3\DR3
22:04:18.0717 0x7afc  \Device\Harddisk3\DR3 - ok
22:04:18.0718 0x7afc  ================ Scan VBR ==================================
22:04:18.0720 0x7afc  [ 161A07F9608647D652EE3BA63E691018 ] \Device\Harddisk0\DR0\Partition1
22:04:18.0720 0x7afc  \Device\Harddisk0\DR0\Partition1 - ok
22:04:18.0723 0x7afc  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
22:04:18.0724 0x7afc  \Device\Harddisk0\DR0\Partition2 - ok
22:04:18.0726 0x7afc  [ E12CB558778D141071425F22F399E7BA ] \Device\Harddisk0\DR0\Partition3
22:04:18.0727 0x7afc  \Device\Harddisk0\DR0\Partition3 - ok
22:04:18.0730 0x7afc  [ FCD394C36574A7D0C82D1582BF7F2ECD ] \Device\Harddisk0\DR0\Partition4
22:04:18.0731 0x7afc  \Device\Harddisk0\DR0\Partition4 - ok
22:04:18.0741 0x7afc  [ 7C7693CF0F248165AFCD537E21247F3A ] \Device\Harddisk1\DR1\Partition1
22:04:18.0742 0x7afc  \Device\Harddisk1\DR1\Partition1 - ok
22:04:18.0747 0x7afc  [ A89D815E09A00625A16E03F6BC4C42FB ] \Device\Harddisk2\DR2\Partition1
22:04:18.0749 0x7afc  \Device\Harddisk2\DR2\Partition1 - ok
22:04:18.0752 0x7afc  [ E9F11B7605797CF9B7C2D3D3E90E7E06 ] \Device\Harddisk3\DR3\Partition1
22:04:18.0754 0x7afc  \Device\Harddisk3\DR3\Partition1 - ok
22:04:18.0755 0x7afc  ================ Scan generic autorun ======================
22:04:18.0755 0x7afc  SecurityHealth - ok
22:04:18.0840 0x7afc  [ DB5598036532462FEAFE35A82FA6A225, CE12077EAC32A544C92C1FEB851C2B6C9B6D855944FE8A3CF618D57F5A7F119B ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
22:04:18.0918 0x7afc  HDAudDeck - ok
22:04:18.0939 0x7afc  [ 20C08CA080F650B730B1E3FDEA9AD532, 1D2B0914412378E0B5834A95BDD86F8927B6A8D37F4E044C904CE381F1C19A75 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
22:04:18.0954 0x7afc  AdobeAAMUpdater-1.0 - ok
22:04:18.0974 0x7afc  [ 8DD6F98101EBBA3FC92C8092333A6B32, 80FE7E4433731614B92F8C0256EA5440508C535EBDA45188D1225BFEDA6F0F67 ] D:\Program Files\AVAST Software\Avast\AvLaunch.exe
22:04:18.0978 0x7afc  AvastUI.exe - ok
22:04:19.0084 0x7afc  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
22:04:19.0157 0x7afc  Malwarebytes TrayApp - ok
22:04:19.0305 0x7afc  [ 3BC50C3ECBC3838483293DEDDB9AA28A, EDA4DD1ACFFDA217695591CDAC85AF388939A277ACE65CB5CF20EE31D11ACA6F ] D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
22:04:19.0390 0x7afc  Acrobat Assistant 8.0 - ok
22:04:19.0407 0x7afc  [ 395CB6E8C67BFB1063AD86987909C184, 15F3BA6DF6D0C5C8FB9FF0AB661A5A652F26BAB7A0FB0DB47874069522400B16 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:04:19.0418 0x7afc  SunJavaUpdateSched - ok
22:04:19.0438 0x7afc  OneDriveSetup - ok
22:04:19.0439 0x7afc  OneDriveSetup - ok
22:04:19.0472 0x7afc  [ 00F30FDFDE3E276C1A731C2DF951D67E, 018E6933882FCC41EE96E198E6F7ECEFB53EC650B1044A58876B26EDE011158B ] C:\Users\axelk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
22:04:19.0497 0x7afc  OneDrive - ok
22:04:19.0521 0x7afc  [ 54C4D03796D44AA8A0BABE7B1B66DC30, C22DDD28A0F838E9025F9212339B4377D2A9269D781D64727ADD365A62773E83 ] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
22:04:19.0539 0x7afc  Overwolf - ok
22:04:19.0816 0x7afc  [ 4A4FF358B1ECCAEDBBDAEF293613CEC5, 0697FCBC726F2BC2573495CD878F9309235DB7289DD76FB9406233D01D546272 ] D:\Program Files\CCleaner\CCleaner64.exe
22:04:20.0038 0x7afc  CCleaner Monitoring - ok
22:04:20.0175 0x7afc  [ 0B4431D8286AB24483CEBA4503DCB6B1, 70D54CDDC8CBFAEB11CABF7A1DEA69CBE420EFCA96381E8753AD9326407875EE ] D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
22:04:20.0217 0x7afc  World of Tanks - ok
22:04:20.0261 0x7afc  [ 5F025EBD25CC30866AD7CC3301EFA329, 35ED27A0AB49EA85465F84D0E396F113CE22CD229C25286166C9B1F3222DC6D1 ] C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
22:04:20.0300 0x7afc  XperiaCompanionAgent - ok
22:04:20.0315 0x7afc  [ A521CB088D5299C44DA6627DEC90C0B4, 98F52B2F2B4B6B2FE58624C69607897D586E761294AB738F26CBACD25FC39EE3 ] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
22:04:20.0319 0x7afc  BlueStacks Agent - ok
22:04:20.0361 0x7afc  Skype - ok
22:04:20.0363 0x7afc  Waiting for KSN requests completion. In queue: 57
22:04:21.0388 0x7afc  AV detected via SS2: Avast Antivirus, D:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x41000 ( enabled : updated )
22:04:21.0393 0x7afc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.0 ), 0x60100 ( disabled : updated )
22:04:21.0423 0x7afc  AV detected via SS2: Malwarebytes, D:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.143 ), 0x61000 ( enabled : updated )
22:04:21.0436 0x7afc  Win FW state via NFP2: enabled ( trusted )
22:04:21.0629 0x7afc  ============================================================
22:04:21.0629 0x7afc  Scan finished
22:04:21.0629 0x7afc  ============================================================
22:04:21.0638 0x725c  Detected object count: 0
22:04:21.0638 0x725c  Actual detected object count: 0
22:06:02.0030 0x5960  ============================================================
22:06:02.0030 0x5960  Scan started
22:06:02.0030 0x5960  Mode: Manual; SigCheck; TDLFS; 
22:06:02.0030 0x5960  ============================================================
22:06:02.0030 0x5960  KSN ping started
22:06:02.0361 0x5960  KSN ping finished: true
22:06:02.0841 0x5960  ================ Scan system memory ========================
22:06:02.0841 0x5960  System memory - ok
22:06:02.0841 0x5960  ================ Scan services =============================
22:06:02.0901 0x5960  1394ohci - ok
22:06:02.0904 0x5960  3ware - ok
22:06:02.0908 0x5960  ACPI - ok
22:06:02.0911 0x5960  AcpiDev - ok
22:06:02.0914 0x5960  acpiex - ok
22:06:02.0922 0x5960  acpipagr - ok
22:06:02.0927 0x5960  AcpiPmi - ok
22:06:02.0930 0x5960  acpitime - ok
22:06:02.0940 0x5960  [ 8D6BA8E7676038A27FD4ECF12CC744B0, F5D59B764DCB4A06A51939533DC7B2391FD68E3979C48939C023A60DCE0D2101 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:06:02.0987 0x5960  AdobeARMservice - ok
22:06:03.0014 0x5960  [ E6A1D864EC90F4397DF5AB2633B34DD4, 05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:06:03.0030 0x5960  AdobeFlashPlayerUpdateSvc - ok
22:06:03.0037 0x5960  ADP80XX - ok
22:06:03.0041 0x5960  AFD - ok
22:06:03.0088 0x5960  [ 078B785A7533B7059A236017B3B060A4, 43B3E716009136A5A5A86BF8546DE6C416CA3B7F8EEC242D9D44EF12111B7A6E ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
22:06:03.0139 0x5960  AGSService - ok
22:06:03.0144 0x5960  ahcache - ok
22:06:03.0148 0x5960  AJRouter - ok
22:06:03.0152 0x5960  ALG - ok
22:06:03.0155 0x5960  AmdK8 - ok
22:06:03.0158 0x5960  AmdPPM - ok
22:06:03.0161 0x5960  amdsata - ok
22:06:03.0163 0x5960  amdsbs - ok
22:06:03.0167 0x5960  amdxata - ok
22:06:03.0169 0x5960  AppID - ok
22:06:03.0172 0x5960  AppIDSvc - ok
22:06:03.0175 0x5960  Appinfo - ok
22:06:03.0178 0x5960  applockerfltr - ok
22:06:03.0181 0x5960  AppMgmt - ok
22:06:03.0185 0x5960  AppReadiness - ok
22:06:03.0189 0x5960  AppVClient - ok
22:06:03.0192 0x5960  AppvStrm - ok
22:06:03.0195 0x5960  AppvVemgr - ok
22:06:03.0197 0x5960  AppvVfs - ok
22:06:03.0201 0x5960  AppXSvc - ok
22:06:03.0205 0x5960  arcsas - ok
22:06:03.0429 0x5960  [ A760C2AFBA1A71E0F7310A6E900CB0E4, 3827C8D4DFC3FC850E9BD049E1B127BD1076DDEFDA19BBA9445FF201F6AE99F8 ] aswbIDSAgent    D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
22:06:03.0597 0x5960  aswbIDSAgent - ok
22:06:03.0617 0x5960  [ 0C19C91ED99964925FF8B05C23743AB1, BF513CCC0E5D2D2CE7D06F17ABC34CD3A55B59588267A5868ADFB723454AF6EB ] aswbidsdriver   C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
22:06:03.0633 0x5960  aswbidsdriver - ok
22:06:03.0642 0x5960  [ 670839F4BA6D82F3035AADFE8274F02E, E4E8B1F3B9138CB2600158CC8507CBA31637E48BBA4D67398E05970B2CECA671 ] aswbidsh        C:\WINDOWS\system32\drivers\aswbidsha.sys
22:06:03.0656 0x5960  aswbidsh - ok
22:06:03.0667 0x5960  [ 5C561968CF601D76A98692DCC8CF74ED, 26D0F34CE4485A813200032CE6889575A13196E79A4B124DD19E4584B0C102DC ] aswblog         C:\WINDOWS\system32\drivers\aswbloga.sys
22:06:03.0682 0x5960  aswblog - ok
22:06:03.0688 0x5960  [ 335E5F19E7397A283B7ED20FE7B369EB, 6A31ABA0BA671EA796E8920EBD64DB28D3D7EB65C4FF68C3EB1DEF4FFC002163 ] aswbuniv        C:\WINDOWS\system32\drivers\aswbuniva.sys
22:06:03.0699 0x5960  aswbuniv - ok
22:06:03.0704 0x5960  [ BA02CA77D989710F79FD662019C4DF94, 2E989847BEE92EB8DE7492DE7AB9B4658CEFC38E678346B7548E6ECB528300D6 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
22:06:03.0716 0x5960  aswHwid - ok
22:06:03.0721 0x5960  [ 5E6FD2CB74138C6AF591779D2619BD6C, 7410384AE4280156451EB1EAC5CBA9E44834C49BD5A31049339895D5994AEF4E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
22:06:03.0731 0x5960  aswKbd - ok
22:06:03.0738 0x5960  [ 2B1490F2F1CC76C9C9B61CE63D6E7973, BFD456C598E74974B81453805ADD0792BD9636BF8213306F40029560B20DE036 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
22:06:03.0750 0x5960  aswMonFlt - ok
22:06:03.0756 0x5960  [ F26D1F761E14789743275FA5D258EAB8, D532AD4DFFC73BE8A889B75BB50D33FFF674B5AB31F05AA75D9E0667363057F1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
22:06:03.0767 0x5960  aswRdr - ok
22:06:03.0772 0x5960  [ C1007774450CFAB19D784D50C3410FC7, 2752FD77412D54D78A81DED9F05F094E589BCA5E360ECD420E28ECC844D35921 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
22:06:03.0782 0x5960  aswRvrt - ok
22:06:03.0809 0x5960  [ EB1991686949400C51B8C21CE013621E, 248545BDD5E8D1BD2D752AF7D3B77E8F1EA6453FD3B007851A04E9B634966448 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
22:06:03.0841 0x5960  aswSnx - ok
22:06:03.0858 0x5960  [ 7A17BD26C74F5329CB1DF029AE4DD357, 31F98B74F6BC2D75BDC83E3E2E60C9541D57912B6DF2C8A9241F3CFB17E0ACBB ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
22:06:03.0879 0x5960  aswSP - ok
22:06:03.0887 0x5960  [ 2933CBC7643168E4288D443B4125941C, 19DF1EB9F3EBF2496633D8D789E56EC8A59CF664ECC12A6BF69045BC2BC6CF48 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
22:06:03.0899 0x5960  aswStm - ok
22:06:03.0911 0x5960  [ E76C21203E29F2DCC489EF585E0B1A38, F64B8F5F2EFA10ADD64DE0574ADDE05DF1DFDEACF0E72879C9DD6DEB037E01A3 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
22:06:03.0928 0x5960  aswVmm - ok
22:06:03.0932 0x5960  AsyncMac - ok
22:06:03.0937 0x5960  atapi - ok
22:06:03.0941 0x5960  AudioEndpointBuilder - ok
22:06:03.0943 0x5960  Audiosrv - ok
22:06:03.0970 0x5960  [ D961A7C05A76302E782B1B0CF6546BA7, DAE7481B4FFC0746944213D10EF59C21BBA9937138D660E72E63F43BCDC1F799 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:06:03.0986 0x5960  avast! Antivirus - ok
22:06:03.0992 0x5960  AxInstSV - ok
22:06:03.0996 0x5960  b06bdrv - ok
22:06:04.0001 0x5960  BasicDisplay - ok
22:06:04.0005 0x5960  BasicRender - ok
22:06:04.0011 0x5960  bcmfn2 - ok
22:06:04.0016 0x5960  BDESVC - ok
22:06:04.0020 0x5960  Beep - ok
22:06:04.0023 0x5960  BFE - ok
22:06:04.0028 0x5960  BITS - ok
22:06:04.0031 0x5960  bowser - ok
22:06:04.0035 0x5960  BrokerInfrastructure - ok
22:06:04.0045 0x5960  Browser - ok
22:06:04.0058 0x5960  [ 7E4E0B9A11389F6D1A8657AD31CFB165, D5ADD4D87C5A4E008AE015934A2B122823E43CAA0C2C993D98B497150F18B30D ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
22:06:04.0076 0x5960  BstHdAndroidSvc - ok
22:06:04.0088 0x5960  [ 4FC8D35A60FD9D989AF412EA2AEDF8C0, 67AFAC5ED61B9CCFCA2F26DAD2A2A6BBC8416186493E75A3FE001A61BB76E8A7 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
22:06:04.0100 0x5960  BstHdDrv - ok
22:06:04.0115 0x5960  [ 843630045FBB149868082DB8BA6EFE14, 300C9B21889CEF6124342A0CC5C2ECADD699E0F30AEE7647C910E9F860B2FB26 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
22:06:04.0132 0x5960  BstHdLogRotatorSvc - ok
22:06:04.0147 0x5960  [ F976A48D46630A5A6455FB41EA83A97F, 78A05373DCE31487D46BA5D994EEF8874D5D87580A550CA0047C424D7CC87158 ] BstHdPlusAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
22:06:04.0164 0x5960  BstHdPlusAndroidSvc - ok
22:06:04.0180 0x5960  [ 7DB8EE09821A6D81A19A6591C9B8AA3A, 0A9A826560884F95D64BDC8A2076AE33FB718A3A59C0BBEC48E48A5FB907ACA4 ] BstkDrv         C:\Program Files (x86)\BlueStacks\BstkDrv.sys
22:06:04.0194 0x5960  BstkDrv - ok
22:06:04.0198 0x5960  BthAvrcpTg - ok
22:06:04.0209 0x5960  BthHFEnum - ok
22:06:04.0212 0x5960  bthhfhid - ok
22:06:04.0216 0x5960  BthHFSrv - ok
22:06:04.0220 0x5960  BTHMODEM - ok
22:06:04.0226 0x5960  bthserv - ok
22:06:04.0230 0x5960  buttonconverter - ok
22:06:04.0233 0x5960  CAD - ok
22:06:04.0236 0x5960  CapImg - ok
22:06:04.0239 0x5960  cdfs - ok
22:06:04.0242 0x5960  CDPSvc - ok
22:06:04.0247 0x5960  CDPUserSvc - ok
22:06:04.0251 0x5960  cdrom - ok
22:06:04.0254 0x5960  CertPropSvc - ok
22:06:04.0257 0x5960  cht4iscsi - ok
22:06:04.0260 0x5960  cht4vbd - ok
22:06:04.0264 0x5960  circlass - ok
22:06:04.0266 0x5960  CldFlt - ok
22:06:04.0270 0x5960  CLFS - ok
22:06:04.0359 0x5960  [ F6ED2A874E4FC4FC95F544088F0523F4, F5F239A666288373ED93C6F13EC14FC4AC7257ABF117A7DD97F20070F8EC2205 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
22:06:04.0446 0x5960  ClickToRunSvc - ok
22:06:04.0456 0x5960  ClipSVC - ok
22:06:04.0459 0x5960  clreg - ok
22:06:04.0466 0x5960  CmBatt - ok
22:06:04.0469 0x5960  CNG - ok
22:06:04.0473 0x5960  cnghwassist - ok
22:06:04.0511 0x5960  CompositeBus - ok
22:06:04.0514 0x5960  COMSysApp - ok
22:06:04.0517 0x5960  condrv - ok
22:06:04.0521 0x5960  CoreMessagingRegistrar - ok
22:06:04.0527 0x5960  CryptSvc - ok
22:06:04.0529 0x5960  CSC - ok
22:06:04.0532 0x5960  CscService - ok
22:06:04.0536 0x5960  dam - ok
22:06:04.0540 0x5960  DcomLaunch - ok
22:06:04.0543 0x5960  defragsvc - ok
22:06:04.0548 0x5960  DeviceAssociationService - ok
22:06:04.0551 0x5960  DeviceInstall - ok
22:06:04.0564 0x5960  DevicesFlowUserSvc - ok
22:06:04.0571 0x5960  DevQueryBroker - ok
22:06:04.0575 0x5960  Dfsc - ok
22:06:04.0579 0x5960  Dhcp - ok
22:06:04.0585 0x5960  diagnosticshub.standardcollector.service - ok
22:06:04.0588 0x5960  DiagTrack - ok
22:06:04.0591 0x5960  Disk - ok
22:06:04.0594 0x5960  DmEnrollmentSvc - ok
22:06:04.0597 0x5960  dmvsc - ok
22:06:04.0600 0x5960  dmwappushservice - ok
22:06:04.0603 0x5960  Dnscache - ok
22:06:04.0607 0x5960  dot3svc - ok
22:06:04.0613 0x5960  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:06:04.0625 0x5960  dot4 - ok
22:06:04.0629 0x5960  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
22:06:04.0638 0x5960  Dot4Print - ok
22:06:04.0644 0x5960  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:06:04.0653 0x5960  dot4usb - ok
22:06:04.0656 0x5960  DPS - ok
22:06:04.0660 0x5960  drmkaud - ok
22:06:04.0663 0x5960  DsmSvc - ok
22:06:04.0667 0x5960  DsSvc - ok
22:06:04.0669 0x5960  DusmSvc - ok
22:06:04.0672 0x5960  DXGKrnl - ok
22:06:04.0675 0x5960  EapHost - ok
22:06:04.0678 0x5960  ebdrv - ok
22:06:04.0683 0x5960  EFS - ok
22:06:04.0686 0x5960  EhStorClass - ok
22:06:04.0689 0x5960  EhStorTcgDrv - ok
22:06:04.0692 0x5960  embeddedmode - ok
22:06:04.0695 0x5960  EntAppSvc - ok
22:06:04.0699 0x5960  ErrDev - ok
22:06:04.0706 0x5960  [ 233DB99476B8D1CF61AC1177D0137036, E5EF1F30891050729B248013B4D7881FC556D259E2BE3F51980C3A247D3F5950 ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
22:06:04.0718 0x5960  ESProtectionDriver - ok
22:06:04.0723 0x5960  EventSystem - ok
22:06:04.0726 0x5960  exfat - ok
22:06:04.0729 0x5960  fastfat - ok
22:06:04.0732 0x5960  Fax - ok
22:06:04.0806 0x5960  [ 3FB162167962F3AB2934F7952D10081C, C70AD64EC3D76F7C3630DD95851D56A6DC35A741C55143F4B07D146A074F84B3 ] FA_Scheduler    D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
22:06:04.0820 0x5960  FA_Scheduler - detected UnsignedFile.Multi.Generic ( 1 )
22:06:04.0820 0x5960  Detect skipped due to KSN trusted
22:06:04.0820 0x5960  FA_Scheduler - ok
22:06:04.0824 0x5960  fdc - ok
22:06:04.0828 0x5960  fdPHost - ok
22:06:04.0831 0x5960  FDResPub - ok
22:06:04.0834 0x5960  fhsvc - ok
22:06:04.0838 0x5960  FileCrypt - ok
22:06:04.0841 0x5960  FileInfo - ok
22:06:04.0843 0x5960  Filetrace - ok
22:06:04.0847 0x5960  flpydisk - ok
22:06:04.0850 0x5960  FltMgr - ok
22:06:04.0853 0x5960  FontCache - ok
22:06:04.0857 0x5960  [ 439F6B3617F4EB31978FF5F625D5CCB1, 0D75048C93222550409E58338909EBECC1589170430CD101D829003A798F7BDA ] fortiapd        C:\WINDOWS\system32\drivers\fortiapd.sys
22:06:04.0866 0x5960  fortiapd - ok
22:06:04.0872 0x5960  [ 56077470FFF7BC072384D14AA95254DA, 038969FB67EF2C78D2818AFCCD27137370DD04BF8F6AD427F949782EA4049FCD ] FortiFilter     C:\WINDOWS\system32\DRIVERS\FortiFilter.sys
22:06:04.0883 0x5960  FortiFilter - ok
22:06:04.0889 0x5960  [ 2C5377EEF5AAAA0A1BB52B8E257C567D, D01052597DD14C1BDAB00084A8AFDE496152E0F6B4CF08DB93AD39A7F67F4D72 ] FortiFW         C:\WINDOWS\system32\drivers\FortiFW2.sys
22:06:04.0899 0x5960  FortiFW - ok
22:06:04.0906 0x5960  [ E277011610D0ED77C353E66B80FB6CED, 3844155BE7EEC3FB9E8F66959DEFAE1D00AEE8B41939397DECADA7D4B8EEDEE1 ] Fortips         C:\WINDOWS\system32\drivers\fortips.sys
22:06:04.0917 0x5960  Fortips - ok
22:06:04.0923 0x5960  [ 2191EF19F37918A9F42A193D2FCE4DCD, 2E23DD1D34BF3C493F565BBED0022E450C8B721CB8FFC815CC0BD7417C7E7C21 ] fortisniff      C:\WINDOWS\system32\drivers\fortisniff2.sys
22:06:04.0934 0x5960  fortisniff - ok
22:06:04.0938 0x5960  FrameServer - ok
22:06:04.0940 0x5960  FsDepends - ok
22:06:04.0945 0x5960  Fs_Rec - ok
22:06:04.0951 0x5960  [ 9000B3C397FFC56FD8CAB3CC1D517879, 3735CBA84F6C3568A82745FD89B66ECE95BC805BF8FAB573FAC6090ADDE76406 ] ft_vnic         C:\WINDOWS\System32\drivers\ftvnic.sys
22:06:04.0963 0x5960  ft_vnic - ok
22:06:04.0966 0x5960  fvevol - ok
22:06:04.0970 0x5960  gencounter - ok
22:06:04.0973 0x5960  genericusbfn - ok
22:06:04.0976 0x5960  [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt           C:\WINDOWS\System32\drivers\ggflt.sys
22:06:04.0986 0x5960  ggflt - ok
22:06:04.0990 0x5960  [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc          C:\WINDOWS\System32\drivers\ggsomc.sys
22:06:04.0999 0x5960  ggsomc - ok
22:06:05.0004 0x5960  GPIOClx0101 - ok
22:06:05.0008 0x5960  gpsvc - ok
22:06:05.0010 0x5960  GpuEnergyDrv - ok
22:06:05.0014 0x5960  HDAudBus - ok
22:06:05.0017 0x5960  HidBatt - ok
22:06:05.0021 0x5960  HidBth - ok
22:06:05.0025 0x5960  hidi2c - ok
22:06:05.0028 0x5960  hidinterrupt - ok
22:06:05.0031 0x5960  HidIr - ok
22:06:05.0033 0x5960  hidserv - ok
22:06:05.0037 0x5960  HidUsb - ok
22:06:05.0040 0x5960  HomeGroupListener - ok
22:06:05.0043 0x5960  HomeGroupProvider - ok
22:06:05.0127 0x5960  [ 930370725FA0FE272346583A7A7D6BDB, 98195638D548A6E5E574E062FDCF4E5833DDE834399787EC51C340699B6E5E64 ] hpqcxs08        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:06:05.0140 0x5960  hpqcxs08 - ok
22:06:05.0157 0x5960  [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:06:05.0168 0x5960  hpqddsvc - ok
22:06:05.0172 0x5960  HpSAMD - ok
22:06:05.0177 0x5960  HTTP - ok
22:06:05.0180 0x5960  HvHost - ok
22:06:05.0184 0x5960  hvservice - ok
22:06:05.0187 0x5960  hwpolicy - ok
22:06:05.0190 0x5960  hyperkbd - ok
22:06:05.0193 0x5960  i8042prt - ok
22:06:05.0196 0x5960  iagpio - ok
22:06:05.0198 0x5960  iai2c - ok
22:06:05.0201 0x5960  iaLPSS2i_GPIO2 - ok
22:06:05.0235 0x5960  iaLPSS2i_GPIO2_BXT_P - ok
22:06:05.0238 0x5960  iaLPSS2i_I2C - ok
22:06:05.0241 0x5960  iaLPSS2i_I2C_BXT_P - ok
22:06:05.0245 0x5960  iaLPSSi_GPIO - ok
22:06:05.0248 0x5960  iaLPSSi_I2C - ok
22:06:05.0253 0x5960  iaStorAV - ok
22:06:05.0256 0x5960  iaStorV - ok
22:06:05.0259 0x5960  ibbus - ok
22:06:05.0263 0x5960  icssvc - ok
22:06:05.0267 0x5960  IKEEXT - ok
22:06:05.0271 0x5960  IndirectKmd - ok
22:06:05.0275 0x5960  intelide - ok
22:06:05.0278 0x5960  intelpep - ok
22:06:05.0281 0x5960  intelppm - ok
22:06:05.0324 0x5960  [ CD6FE4D2E29D70D9E2AA587DE5978A15, 03BA3338E0178FCB6FC7792FE4BB2B836CEA8B791D53DD4E273AB48621397DC5 ] IObitUnSvr      D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
22:06:05.0343 0x5960  IObitUnSvr - ok
22:06:05.0347 0x5960  iorate - ok
22:06:05.0350 0x5960  IpFilterDriver - ok
22:06:05.0354 0x5960  iphlpsvc - ok
22:06:05.0356 0x5960  IPMIDRV - ok
22:06:05.0359 0x5960  IPNAT - ok
22:06:05.0363 0x5960  IpxlatCfgSvc - ok
22:06:05.0366 0x5960  irda - ok
22:06:05.0369 0x5960  IRENUM - ok
22:06:05.0372 0x5960  irmon - ok
22:06:05.0375 0x5960  isapnp - ok
22:06:05.0379 0x5960  iScsiPrt - ok
22:06:05.0383 0x5960  kbdclass - ok
22:06:05.0388 0x5960  kbdhid - ok
22:06:05.0391 0x5960  kdnic - ok
22:06:05.0394 0x5960  KeyIso - ok
22:06:05.0397 0x5960  [ 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE ] KMS-R@1n        C:\Windows\KMS-R@1n.exe
22:06:05.0407 0x5960  KMS-R@1n - detected UnsignedFile.Multi.Generic ( 1 )
22:06:05.0407 0x5960  Detect skipped due to KSN trusted
22:06:05.0407 0x5960  KMS-R@1n - ok
22:06:05.0410 0x5960  KSecDD - ok
22:06:05.0413 0x5960  KSecPkg - ok
22:06:05.0416 0x5960  ksthunk - ok
22:06:05.0424 0x5960  KtmRm - ok
22:06:05.0430 0x5960  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\WINDOWS\System32\drivers\L1C63x64.sys
22:06:05.0442 0x5960  L1C - ok
22:06:05.0445 0x5960  LanmanServer - ok
22:06:05.0448 0x5960  LanmanWorkstation - ok
22:06:05.0453 0x5960  lfsvc - ok
22:06:05.0459 0x5960  [ 16E18CED459B1824234890386EE66CD5, 8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989 ] libusb0         C:\WINDOWS\system32\DRIVERS\libusb0.sys
22:06:05.0472 0x5960  libusb0 - ok
22:06:05.0477 0x5960  LicenseManager - ok
22:06:05.0481 0x5960  lltdio - ok
22:06:05.0484 0x5960  lltdsvc - ok
22:06:05.0489 0x5960  lmhosts - ok
22:06:05.0493 0x5960  LSI_SAS - ok
22:06:05.0496 0x5960  LSI_SAS2i - ok
22:06:05.0499 0x5960  LSI_SAS3i - ok
22:06:05.0502 0x5960  LSI_SSS - ok
22:06:05.0506 0x5960  LSM - ok
22:06:05.0508 0x5960  luafv - ok
22:06:05.0512 0x5960  MapsBroker - ok
22:06:05.0515 0x5960  mausbhost - ok
22:06:05.0518 0x5960  mausbip - ok
22:06:05.0532 0x5960  [ 4EA73F071D96F376DB3AB9EF81273B28, 683C362F9B7A0BEC7BA4C1231405FB312EAA9A21260976C084ABA8CA035E6136 ] MBAMChameleon   C:\WINDOWS\system32\drivers\MBAMChameleon.sys
22:06:05.0546 0x5960  MBAMChameleon - ok
22:06:05.0554 0x5960  [ C51267EE2726707D38C489C06DDF01ED, BFA9BFB8D2E1581CBF4833DC3D86A88C94B64B3B17D440894AEB111E749E4497 ] MBAMFarflt      C:\WINDOWS\system32\drivers\farflt.sys
22:06:05.0565 0x5960  MBAMFarflt - ok
22:06:05.0570 0x5960  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
22:06:05.0580 0x5960  MBAMProtection - ok
22:06:05.0726 0x5960  [ D76E56108E6482905D3FAEA0649919E4, E10285889570A01E544B027F4A17BA7242E5E3EF93D20A19B05091DB237C6DD1 ] MBAMService     D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
22:06:05.0817 0x5960  MBAMService - ok
22:06:05.0830 0x5960  [ 53283EB9998AC9350E14C35A880989DB, 11DD963C67DB7584742810C54BEC4871584413A1BAA8209F79AC923006DE45BB ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
22:06:05.0845 0x5960  MBAMSwissArmy - ok
22:06:05.0851 0x5960  [ BBFBEFBE4598AD6D8E3E821A0FEBDE79, D98CEB294E52167A47CEE7442FF31A44EDC1179069944613203BDC5D8B1B2A73 ] MBAMWebProtection C:\WINDOWS\system32\drivers\mwac.sys
22:06:05.0863 0x5960  MBAMWebProtection - ok
22:06:05.0866 0x5960  megasas - ok
22:06:05.0870 0x5960  megasas2i - ok
22:06:05.0873 0x5960  megasr - ok
22:06:05.0886 0x5960  [ 6D1671CB2E5402F01D2F13ECF764CAA1, 4778630F602FE8F9B9112DC5BB7A179632000D10D80C28E93711404108FCC6E0 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
22:06:05.0905 0x5960  MEIx64 - ok
22:06:05.0908 0x5960  MessagingService - ok
22:06:05.0913 0x5960  mlx4_bus - ok
22:06:05.0916 0x5960  MMCSS - ok
22:06:05.0920 0x5960  Modem - ok
22:06:05.0923 0x5960  monitor - ok
22:06:05.0927 0x5960  mouclass - ok
22:06:05.0930 0x5960  mouhid - ok
22:06:05.0934 0x5960  mountmgr - ok
22:06:05.0943 0x5960  [ F7D0E1DDA812C25EE003070835706963, C293053B2B3B85F694B92DFE80E166726BE002FC7B3C5EBF3573980B64D1B097 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:06:05.0957 0x5960  MozillaMaintenance - ok
22:06:05.0961 0x5960  mpsdrv - ok
22:06:05.0965 0x5960  MpsSvc - ok
22:06:05.0968 0x5960  MRxDAV - ok
22:06:05.0972 0x5960  mrxsmb - ok
22:06:05.0975 0x5960  mrxsmb10 - ok
22:06:05.0978 0x5960  mrxsmb20 - ok
22:06:05.0982 0x5960  MsBridge - ok
22:06:05.0985 0x5960  MSDTC - ok
22:06:05.0989 0x5960  Msfs - ok
22:06:05.0993 0x5960  msgpiowin32 - ok
22:06:05.0996 0x5960  mshidkmdf - ok
22:06:05.0999 0x5960  mshidumdf - ok
22:06:06.0002 0x5960  msisadrv - ok
22:06:06.0006 0x5960  MSiSCSI - ok
22:06:06.0009 0x5960  msiserver - ok
22:06:06.0013 0x5960  MSKSSRV - ok
22:06:06.0016 0x5960  MsLldp - ok
22:06:06.0018 0x5960  MSPCLOCK - ok
22:06:06.0021 0x5960  MSPQM - ok
22:06:06.0024 0x5960  MsRPC - ok
22:06:06.0030 0x5960  MsSecFlt - ok
22:06:06.0033 0x5960  mssmbios - ok
22:06:06.0037 0x5960  MSTEE - ok
22:06:06.0040 0x5960  MTConfig - ok
22:06:06.0043 0x5960  Mup - ok
22:06:06.0047 0x5960  mvumis - ok
22:06:06.0051 0x5960  NativeWifiP - ok
22:06:06.0055 0x5960  NaturalAuthentication - ok
22:06:06.0058 0x5960  NcaSvc - ok
22:06:06.0061 0x5960  NcbService - ok
22:06:06.0063 0x5960  NcdAutoSetup - ok
22:06:06.0068 0x5960  ndfltr - ok
22:06:06.0072 0x5960  NDIS - ok
22:06:06.0076 0x5960  NdisCap - ok
22:06:06.0080 0x5960  NdisImPlatform - ok
22:06:06.0083 0x5960  NdisTapi - ok
22:06:06.0088 0x5960  Ndisuio - ok
22:06:06.0092 0x5960  NdisVirtualBus - ok
22:06:06.0095 0x5960  NdisWan - ok
22:06:06.0098 0x5960  ndiswanlegacy - ok
22:06:06.0101 0x5960  ndproxy - ok
22:06:06.0104 0x5960  Ndu - ok
22:06:06.0110 0x5960  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
22:06:06.0125 0x5960  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:06:06.0125 0x5960  Detect skipped due to KSN trusted
22:06:06.0125 0x5960  Net Driver HPZ12 - ok
22:06:06.0129 0x5960  NetAdapterCx - ok
22:06:06.0132 0x5960  NetBIOS - ok
22:06:06.0136 0x5960  NetBT - ok
22:06:06.0139 0x5960  Netlogon - ok
22:06:06.0142 0x5960  Netman - ok
22:06:06.0146 0x5960  netprofm - ok
22:06:06.0150 0x5960  NetSetupSvc - ok
22:06:06.0159 0x5960  NetTcpPortSharing - ok
22:06:06.0162 0x5960  netvsc - ok
22:06:06.0169 0x5960  NgcCtnrSvc - ok
22:06:06.0172 0x5960  NgcSvc - ok
22:06:06.0175 0x5960  NlaSvc - ok
22:06:06.0178 0x5960  Npfs - ok
22:06:06.0181 0x5960  npsvctrig - ok
22:06:06.0186 0x5960  nsi - ok
22:06:06.0189 0x5960  nsiproxy - ok
22:06:06.0193 0x5960  NTFS - ok
22:06:06.0197 0x5960  Null - ok
22:06:06.0200 0x5960  nvdimmn - ok
22:06:06.0216 0x5960  [ 6E256C42FD27FADEA9BDD2E98CB53FE4, 8E2BDADFCC4B0C7208E937462DDF9CD9810E1B66375BD22F26C5D94376BDEC44 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
22:06:06.0231 0x5960  NVHDA - ok
22:06:06.0502 0x5960  [ BD000446F0B4FA1E87E7D10356C49564, 95F495549F35FFD64D3132D46923D1502C10AC77E7031EE1DE629E218EC584E0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
22:06:06.0781 0x5960  nvlddmkm - ok
22:06:06.0803 0x5960  nvraid - ok
22:06:06.0807 0x5960  nvstor - ok
22:06:06.0812 0x5960  OneSyncSvc - ok
22:06:06.0910 0x5960  [ 4FF47A8FEE5906C7243405F51E452614, 9DB7DD43BB8DA0487CE79241E226697F3F9726EA4A291722FD4B532C081092E6 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe
22:06:06.0956 0x5960  Origin Client Service - ok
22:06:07.0035 0x5960  [ CA0B62365F8189BC478DEDC3B6BC1E18, 3FBF94CD20F286D66A7CFE760191704123D26D8D5FAEE3C9F8F93E8AEDF13B41 ] Origin Web Helper Service D:\Program Files (x86)\Origin\OriginWebHelperService.exe
22:06:07.0086 0x5960  Origin Web Helper Service - ok
22:06:07.0099 0x5960  [ 2E66B6C7A68D5A72870AE7C4AFC837BD, D2A198BB97C5A0000F933E693E60539396AF58173B6CD8B184700F2C860915DE ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:06:07.0115 0x5960  ose64 - ok
22:06:07.0143 0x5960  [ 5DE4544D144DE1E0E0DDCA74C6635016, E22F0F050BF5619BF0CDB995849D44F1BC2D8A6A646F0288B44C239C933A4014 ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
22:06:07.0182 0x5960  OverwolfUpdater - ok
22:06:07.0187 0x5960  p2pimsvc - ok
22:06:07.0191 0x5960  p2psvc - ok
22:06:07.0195 0x5960  Parport - ok
22:06:07.0198 0x5960  partmgr - ok
22:06:07.0202 0x5960  PcaSvc - ok
22:06:07.0205 0x5960  pci - ok
22:06:07.0210 0x5960  pciide - ok
22:06:07.0213 0x5960  pcmcia - ok
22:06:07.0216 0x5960  pcw - ok
22:06:07.0220 0x5960  pdc - ok
22:06:07.0224 0x5960  PEAUTH - ok
22:06:07.0229 0x5960  PeerDistSvc - ok
22:06:07.0232 0x5960  percsas2i - ok
22:06:07.0235 0x5960  percsas3i - ok
22:06:07.0268 0x5960  PerfHost - ok
22:06:07.0277 0x5960  PhoneSvc - ok
22:06:07.0280 0x5960  PimIndexMaintenanceSvc - ok
22:06:07.0287 0x5960  pla - ok
22:06:07.0291 0x5960  PlugPlay - ok
22:06:07.0294 0x5960  pmem - ok
22:06:07.0300 0x5960  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
22:06:07.0316 0x5960  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:06:07.0316 0x5960  Detect skipped due to KSN trusted
22:06:07.0316 0x5960  Pml Driver HPZ12 - ok
22:06:07.0320 0x5960  PNRPAutoReg - ok
22:06:07.0323 0x5960  PNRPsvc - ok
22:06:07.0327 0x5960  PolicyAgent - ok
22:06:07.0332 0x5960  Power - ok
22:06:07.0337 0x5960  [ ED29F9D445957946D6A62E3F65B9D98E, 4786047C45B272479DCB957BD2DF6D82B366EC3A13E745AA7784DCE944147472 ] pppop           C:\WINDOWS\System32\drivers\pppop64.sys
22:06:07.0348 0x5960  pppop - ok
22:06:07.0351 0x5960  PptpMiniport - ok
22:06:07.0405 0x5960  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:06:07.0502 0x5960  PrintNotify - ok
22:06:07.0510 0x5960  Processor - ok
22:06:07.0515 0x5960  ProfSvc - ok
22:06:07.0518 0x5960  Psched - ok
22:06:07.0521 0x5960  QWAVE - ok
22:06:07.0525 0x5960  QWAVEdrv - ok
22:06:07.0529 0x5960  RasAcd - ok
22:06:07.0533 0x5960  RasAgileVpn - ok
22:06:07.0536 0x5960  RasAuto - ok
22:06:07.0539 0x5960  Rasl2tp - ok
22:06:07.0543 0x5960  RasMan - ok
22:06:07.0547 0x5960  RasPppoe - ok
22:06:07.0550 0x5960  RasSstp - ok
22:06:07.0555 0x5960  rdbss - ok
22:06:07.0561 0x5960  rdpbus - ok
22:06:07.0566 0x5960  RDPDR - ok
22:06:07.0574 0x5960  RdpVideoMiniport - ok
22:06:07.0577 0x5960  rdyboost - ok
22:06:07.0580 0x5960  ReFS - ok
22:06:07.0583 0x5960  ReFSv1 - ok
22:06:07.0589 0x5960  RemoteAccess - ok
22:06:07.0593 0x5960  RemoteRegistry - ok
22:06:07.0596 0x5960  RetailDemo - ok
22:06:07.0599 0x5960  RmSvc - ok
22:06:07.0603 0x5960  RpcEptMapper - ok
22:06:07.0607 0x5960  RpcLocator - ok
22:06:07.0612 0x5960  RpcSs - ok
22:06:07.0615 0x5960  rspndr - ok
22:06:07.0621 0x5960  [ 38BC2EA9A3F77372AE1AE1A022AE1826, CCBCEC24535404FA8B7750F7A1F7DB5F422DC8EC77C6B877B1D2FBE283AE47E5 ] RTL2831UBDA     C:\WINDOWS\system32\drivers\RTL2831UBDA.sys
22:06:07.0635 0x5960  RTL2831UBDA - ok
22:06:07.0640 0x5960  [ 6D33D376247D88AD0CAAEC40AC2E44D0, 9773D77EABF549D0913EDC10EA6D6CE0BB8CA209721A3896672AF93F97A91665 ] RTL2831UUSB     C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys
22:06:07.0650 0x5960  RTL2831UUSB - ok
22:06:07.0654 0x5960  s3cap - ok
22:06:07.0657 0x5960  SamSs - ok
22:06:07.0660 0x5960  sbp2port - ok
22:06:07.0664 0x5960  SCardSvr - ok
22:06:07.0668 0x5960  ScDeviceEnum - ok
22:06:07.0672 0x5960  scfilter - ok
22:06:07.0675 0x5960  Schedule - ok
22:06:07.0678 0x5960  scmbus - ok
22:06:07.0681 0x5960  SCPolicySvc - ok
22:06:07.0686 0x5960  sdbus - ok
22:06:07.0690 0x5960  SDFRd - ok
22:06:07.0693 0x5960  SDRSVC - ok
22:06:07.0697 0x5960  sdstor - ok
22:06:07.0701 0x5960  seclogon - ok
22:06:07.0706 0x5960  SecurityHealthService - ok
22:06:07.0710 0x5960  SEMgrSvc - ok
22:06:07.0714 0x5960  SENS - ok
22:06:07.0718 0x5960  Sense - ok
22:06:07.0721 0x5960  SensorDataService - ok
22:06:07.0725 0x5960  SensorService - ok
22:06:07.0729 0x5960  SensrSvc - ok
22:06:07.0732 0x5960  SerCx - ok
22:06:07.0735 0x5960  SerCx2 - ok
22:06:07.0739 0x5960  Serenum - ok
22:06:07.0742 0x5960  Serial - ok
22:06:07.0747 0x5960  sermouse - ok
22:06:07.0750 0x5960  SessionEnv - ok
22:06:07.0754 0x5960  sfloppy - ok
22:06:07.0758 0x5960  SharedAccess - ok
22:06:07.0763 0x5960  ShellHWDetection - ok
22:06:07.0769 0x5960  shpamsvc - ok
22:06:07.0772 0x5960  SiSRaid2 - ok
22:06:07.0777 0x5960  SiSRaid4 - ok
22:06:07.0811 0x5960  [ E6DA1192D36D2D29FF8387917C2D70A6, 6F6AB7A2E45D7E05F5ED0B08B1ED9FFA03BDBFAF5E80F8B9E2C4D6CF6F74B851 ] SkypeUpdate     D:\Program Files (x86)\Skype\Updater\Updater.exe
22:06:07.0831 0x5960  SkypeUpdate - ok
22:06:07.0835 0x5960  smphost - ok
22:06:07.0839 0x5960  SmsRouter - ok
22:06:07.0844 0x5960  SNMPTRAP - ok
22:06:07.0848 0x5960  spaceport - ok
22:06:07.0852 0x5960  SpatialGraphFilter - ok
22:06:07.0855 0x5960  SpbCx - ok
22:06:07.0859 0x5960  spectrum - ok
22:06:07.0863 0x5960  Spooler - ok
22:06:07.0867 0x5960  sppsvc - ok
22:06:07.0873 0x5960  srv - ok
22:06:07.0877 0x5960  srv2 - ok
22:06:07.0881 0x5960  srvnet - ok
22:06:07.0885 0x5960  SSDPSRV - ok
22:06:07.0889 0x5960  SstpSvc - ok
22:06:07.0899 0x5960  StateRepository - ok
22:06:07.0933 0x5960  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:06:07.0968 0x5960  Steam Client Service - ok
22:06:07.0975 0x5960  stexstor - ok
22:06:07.0980 0x5960  stisvc - ok
22:06:07.0984 0x5960  storahci - ok
22:06:07.0989 0x5960  storflt - ok
22:06:07.0993 0x5960  stornvme - ok
22:06:07.0997 0x5960  storqosflt - ok
22:06:08.0004 0x5960  StorSvc - ok
22:06:08.0009 0x5960  storufs - ok
22:06:08.0014 0x5960  storvsc - ok
22:06:08.0019 0x5960  svsvc - ok
22:06:08.0022 0x5960  swenum - ok
22:06:08.0027 0x5960  swprv - ok
22:06:08.0031 0x5960  Synth3dVsc - ok
22:06:08.0037 0x5960  SysMain - ok
22:06:08.0042 0x5960  SystemEventsBroker - ok
22:06:08.0047 0x5960  TabletInputService - ok
22:06:08.0053 0x5960  TapiSrv - ok
22:06:08.0057 0x5960  Tcpip - ok
22:06:08.0060 0x5960  Tcpip6 - ok
22:06:08.0067 0x5960  tcpipreg - ok
22:06:08.0073 0x5960  tdx - ok
22:06:08.0283 0x5960  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
22:06:08.0424 0x5960  TeamViewer - ok
22:06:08.0435 0x5960  terminpt - ok
22:06:08.0439 0x5960  TermService - ok
22:06:08.0443 0x5960  Themes - ok
22:06:08.0448 0x5960  TieringEngineService - ok
22:06:08.0452 0x5960  tiledatamodelsvc - ok
22:06:08.0456 0x5960  TimeBrokerSvc - ok
22:06:08.0460 0x5960  TokenBroker - ok
22:06:08.0465 0x5960  TPM - ok
22:06:08.0470 0x5960  TrkWks - ok
22:06:08.0474 0x5960  TrustedInstaller - ok
22:06:08.0479 0x5960  TsUsbFlt - ok
22:06:08.0485 0x5960  TsUsbGD - ok
22:06:08.0489 0x5960  tsusbhub - ok
22:06:08.0493 0x5960  tunnel - ok
22:06:08.0497 0x5960  tzautoupdate - ok
22:06:08.0500 0x5960  UASPStor - ok
22:06:08.0505 0x5960  UcmCx0101 - ok
22:06:08.0509 0x5960  UcmTcpciCx0101 - ok
22:06:08.0512 0x5960  UcmUcsi - ok
22:06:08.0515 0x5960  Ucx01000 - ok
22:06:08.0519 0x5960  UdeCx - ok
22:06:08.0523 0x5960  udfs - ok
22:06:08.0528 0x5960  UEFI - ok
22:06:08.0531 0x5960  UevAgentDriver - ok
22:06:08.0536 0x5960  UevAgentService - ok
22:06:08.0539 0x5960  Ufx01000 - ok
22:06:08.0544 0x5960  UfxChipidea - ok
22:06:08.0548 0x5960  ufxsynopsys - ok
22:06:08.0559 0x5960  UI0Detect - ok
22:06:08.0563 0x5960  umbus - ok
22:06:08.0567 0x5960  UmPass - ok
22:06:08.0571 0x5960  UmRdpService - ok
22:06:08.0575 0x5960  UnistoreSvc - ok
22:06:08.0580 0x5960  upnphost - ok
22:06:08.0583 0x5960  UrsChipidea - ok
22:06:08.0588 0x5960  UrsCx01000 - ok
22:06:08.0591 0x5960  UrsSynopsys - ok
22:06:08.0595 0x5960  usbaudio - ok
22:06:08.0599 0x5960  usbccgp - ok
22:06:08.0603 0x5960  usbcir - ok
22:06:08.0607 0x5960  usbehci - ok
22:06:08.0611 0x5960  usbhub - ok
22:06:08.0615 0x5960  USBHUB3 - ok
22:06:08.0618 0x5960  usbohci - ok
22:06:08.0623 0x5960  usbprint - ok
22:06:08.0628 0x5960  [ 96B48485A7CC2C0A63C196A16403C5F3, 4E364DE1FE19D14D5BA4F4360563BB49F4DEC90430771C12376C0B1BB70CFD37 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:06:08.0645 0x5960  usbscan - ok
22:06:08.0649 0x5960  usbser - ok
22:06:08.0653 0x5960  USBSTOR - ok
22:06:08.0658 0x5960  usbuhci - ok
22:06:08.0662 0x5960  USBXHCI - ok
22:06:08.0667 0x5960  UserDataSvc - ok
22:06:08.0673 0x5960  UserManager - ok
22:06:08.0677 0x5960  UsoSvc - ok
22:06:08.0680 0x5960  VaultSvc - ok
22:06:08.0686 0x5960  [ 57BFF0ADE329BC2596F060A07D3AF2B9, CEC4CE14B8BB5DAB58F30399999703A4FFF601768890DB185D21C2C9EA3A5666 ] VBAudioVMVAIOMME C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys
22:06:08.0696 0x5960  VBAudioVMVAIOMME - ok
22:06:08.0701 0x5960  vdrvroot - ok
22:06:08.0705 0x5960  vds - ok
22:06:08.0709 0x5960  VerifierExt - ok
22:06:08.0713 0x5960  vhdmp - ok
22:06:08.0719 0x5960  vhf - ok
22:06:08.0742 0x5960  [ 20D3701C516BB42F81A22EB727B9E419, 08A8D12626A322790C6679554D49AE388E33316121226DE9FCA9C22C8F509C56 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
22:06:08.0764 0x5960  VIAHdAudAddService - ok
22:06:08.0770 0x5960  [ 097A1A16F9F38715CEAA092DE626F517, 5D51D74C3264ADEA1A50F6620150B284E54C5294A548D1BC940B3B5FF5343998 ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
22:06:08.0790 0x5960  VIAKaraokeService - ok
22:06:08.0794 0x5960  vmbus - ok
22:06:08.0798 0x5960  VMBusHID - ok
22:06:08.0803 0x5960  vmgid - ok
22:06:08.0807 0x5960  vmicguestinterface - ok
22:06:08.0811 0x5960  vmicheartbeat - ok
22:06:08.0815 0x5960  vmickvpexchange - ok
22:06:08.0819 0x5960  vmicrdv - ok
22:06:08.0824 0x5960  vmicshutdown - ok
22:06:08.0828 0x5960  vmictimesync - ok
22:06:08.0832 0x5960  vmicvmsession - ok
22:06:08.0835 0x5960  vmicvss - ok
22:06:08.0839 0x5960  volmgr - ok
22:06:08.0842 0x5960  volmgrx - ok
22:06:08.0847 0x5960  volsnap - ok
22:06:08.0851 0x5960  volume - ok
22:06:08.0855 0x5960  vpci - ok
22:06:08.0859 0x5960  vsmraid - ok
22:06:08.0862 0x5960  VSS - ok
22:06:08.0867 0x5960  VSTXRAID - ok
22:06:08.0872 0x5960  vwifibus - ok
22:06:08.0875 0x5960  vwififlt - ok
22:06:08.0879 0x5960  W32Time - ok
22:06:08.0884 0x5960  WacomPen - ok
22:06:08.0890 0x5960  WalletService - ok
22:06:08.0893 0x5960  wanarp - ok
22:06:08.0897 0x5960  wanarpv6 - ok
22:06:08.0902 0x5960  wbengine - ok
22:06:08.0907 0x5960  WbioSrvc - ok
22:06:08.0911 0x5960  wcifs - ok
22:06:08.0916 0x5960  Wcmsvc - ok
22:06:08.0920 0x5960  wcncsvc - ok
22:06:08.0924 0x5960  wcnfs - ok
22:06:08.0929 0x5960  WdBoot - ok
22:06:08.0933 0x5960  Wdf01000 - ok
22:06:08.0937 0x5960  WdFilter - ok
22:06:08.0942 0x5960  WdiServiceHost - ok
22:06:08.0947 0x5960  WdiSystemHost - ok
22:06:08.0951 0x5960  wdiwifi - ok
22:06:08.0956 0x5960  WdNisDrv - ok
22:06:08.0961 0x5960  WdNisSvc - ok
22:06:08.0965 0x5960  WebClient - ok
22:06:08.0969 0x5960  Wecsvc - ok
22:06:08.0973 0x5960  WEPHOSTSVC - ok
22:06:08.0977 0x5960  wercplsupport - ok
22:06:08.0981 0x5960  WerSvc - ok
22:06:08.0986 0x5960  WFDSConMgrSvc - ok
22:06:08.0990 0x5960  WFPLWFS - ok
22:06:08.0994 0x5960  WiaRpc - ok
22:06:08.0998 0x5960  WIMMount - ok
22:06:09.0004 0x5960  WinDefend - ok
22:06:09.0013 0x5960  WindowsTrustedRT - ok
22:06:09.0017 0x5960  WindowsTrustedRTProxy - ok
22:06:09.0022 0x5960  WinHttpAutoProxySvc - ok
22:06:09.0026 0x5960  WinMad - ok
22:06:09.0040 0x5960  Winmgmt - ok
22:06:09.0044 0x5960  WinNat - ok
22:06:09.0048 0x5960  WinRM - ok
22:06:09.0057 0x5960  WINUSB - ok
22:06:09.0062 0x5960  WinVerbs - ok
22:06:09.0067 0x5960  wisvc - ok
22:06:09.0071 0x5960  WlanSvc - ok
22:06:09.0075 0x5960  wlidsvc - ok
22:06:09.0079 0x5960  wlpasvc - ok
22:06:09.0083 0x5960  WmiAcpi - ok
22:06:09.0090 0x5960  wmiApSrv - ok
22:06:09.0094 0x5960  WMPNetworkSvc - ok
22:06:09.0103 0x5960  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:06:09.0121 0x5960  Wof - ok
22:06:09.0128 0x5960  workfolderssvc - ok
22:06:09.0132 0x5960  WPDBusEnum - ok
22:06:09.0137 0x5960  WpdUpFltr - ok
22:06:09.0141 0x5960  WpnService - ok
22:06:09.0145 0x5960  WpnUserService - ok
22:06:09.0153 0x5960  ws2ifsl - ok
22:06:09.0158 0x5960  wscsvc - ok
22:06:09.0163 0x5960  WSearch - ok
22:06:09.0171 0x5960  wuauserv - ok
22:06:09.0175 0x5960  WudfPf - ok
22:06:09.0179 0x5960  WUDFRd - ok
22:06:09.0183 0x5960  wudfsvc - ok
22:06:09.0188 0x5960  WUDFWpdFs - ok
22:06:09.0193 0x5960  WwanSvc - ok
22:06:09.0197 0x5960  xbgm - ok
22:06:09.0203 0x5960  XblAuthManager - ok
22:06:09.0208 0x5960  XblGameSave - ok
22:06:09.0215 0x5960  xboxgip - ok
22:06:09.0220 0x5960  XboxGipSvc - ok
22:06:09.0225 0x5960  XboxNetApiSvc - ok
22:06:09.0229 0x5960  xinputhid - ok
22:06:09.0281 0x5960  [ 322600D57876851514AE6DFE705EBF7C, 9AF962D9700B4103935A3A533515F7BA8B3EF66274B8CDE22CDC259A67AB599C ] XperiaCompanionService C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
22:06:09.0332 0x5960  XperiaCompanionService - ok
22:06:09.0334 0x5960  ================ Scan global ===============================
22:06:09.0345 0x5960  [ Global ] - ok
22:06:09.0345 0x5960  ================ Scan MBR ==================================
22:06:09.0348 0x5960  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:06:09.0405 0x5960  \Device\Harddisk0\DR0 - ok
22:06:09.0416 0x5960  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:06:09.0476 0x5960  \Device\Harddisk1\DR1 - ok
22:06:09.0479 0x5960  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
22:06:09.0563 0x5960  \Device\Harddisk2\DR2 - ok
22:06:09.0568 0x5960  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk3\DR3
22:06:11.0532 0x5960  \Device\Harddisk3\DR3 - ok
22:06:11.0533 0x5960  ================ Scan VBR ==================================
22:06:11.0536 0x5960  [ 161A07F9608647D652EE3BA63E691018 ] \Device\Harddisk0\DR0\Partition1
22:06:11.0536 0x5960  \Device\Harddisk0\DR0\Partition1 - ok
22:06:11.0538 0x5960  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
22:06:11.0539 0x5960  \Device\Harddisk0\DR0\Partition2 - ok
22:06:11.0541 0x5960  [ E12CB558778D141071425F22F399E7BA ] \Device\Harddisk0\DR0\Partition3
22:06:11.0543 0x5960  \Device\Harddisk0\DR0\Partition3 - ok
22:06:11.0545 0x5960  [ FCD394C36574A7D0C82D1582BF7F2ECD ] \Device\Harddisk0\DR0\Partition4
22:06:11.0547 0x5960  \Device\Harddisk0\DR0\Partition4 - ok
22:06:11.0566 0x5960  [ 7C7693CF0F248165AFCD537E21247F3A ] \Device\Harddisk1\DR1\Partition1
22:06:11.0567 0x5960  \Device\Harddisk1\DR1\Partition1 - ok
22:06:11.0570 0x5960  [ A89D815E09A00625A16E03F6BC4C42FB ] \Device\Harddisk2\DR2\Partition1
22:06:11.0572 0x5960  \Device\Harddisk2\DR2\Partition1 - ok
22:06:11.0574 0x5960  [ E9F11B7605797CF9B7C2D3D3E90E7E06 ] \Device\Harddisk3\DR3\Partition1
22:06:11.0577 0x5960  \Device\Harddisk3\DR3\Partition1 - ok
22:06:11.0578 0x5960  ================ Scan generic autorun ======================
22:06:11.0578 0x5960  SecurityHealth - ok
22:06:11.0668 0x5960  [ DB5598036532462FEAFE35A82FA6A225, CE12077EAC32A544C92C1FEB851C2B6C9B6D855944FE8A3CF618D57F5A7F119B ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
22:06:11.0757 0x5960  HDAudDeck - ok
22:06:11.0774 0x5960  [ 20C08CA080F650B730B1E3FDEA9AD532, 1D2B0914412378E0B5834A95BDD86F8927B6A8D37F4E044C904CE381F1C19A75 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
22:06:11.0795 0x5960  AdobeAAMUpdater-1.0 - ok
22:06:11.0830 0x5960  [ 8DD6F98101EBBA3FC92C8092333A6B32, 80FE7E4433731614B92F8C0256EA5440508C535EBDA45188D1225BFEDA6F0F67 ] D:\Program Files\AVAST Software\Avast\AvLaunch.exe
22:06:11.0844 0x5960  AvastUI.exe - ok
22:06:11.0949 0x5960  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
22:06:12.0013 0x5960  Malwarebytes TrayApp - ok
22:06:12.0171 0x5960  [ 3BC50C3ECBC3838483293DEDDB9AA28A, EDA4DD1ACFFDA217695591CDAC85AF388939A277ACE65CB5CF20EE31D11ACA6F ] D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
22:06:12.0242 0x5960  Acrobat Assistant 8.0 - ok
22:06:12.0261 0x5960  [ 395CB6E8C67BFB1063AD86987909C184, 15F3BA6DF6D0C5C8FB9FF0AB661A5A652F26BAB7A0FB0DB47874069522400B16 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:06:12.0280 0x5960  SunJavaUpdateSched - ok
22:06:12.0299 0x5960  OneDriveSetup - ok
22:06:12.0300 0x5960  OneDriveSetup - ok
22:06:12.0333 0x5960  [ 00F30FDFDE3E276C1A731C2DF951D67E, 018E6933882FCC41EE96E198E6F7ECEFB53EC650B1044A58876B26EDE011158B ] C:\Users\axelk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
22:06:12.0370 0x5960  OneDrive - ok
22:06:12.0393 0x5960  [ 54C4D03796D44AA8A0BABE7B1B66DC30, C22DDD28A0F838E9025F9212339B4377D2A9269D781D64727ADD365A62773E83 ] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
22:06:12.0421 0x5960  Overwolf - ok
22:06:12.0699 0x5960  [ 4A4FF358B1ECCAEDBBDAEF293613CEC5, 0697FCBC726F2BC2573495CD878F9309235DB7289DD76FB9406233D01D546272 ] D:\Program Files\CCleaner\CCleaner64.exe
22:06:12.0876 0x5960  CCleaner Monitoring - ok
22:06:13.0015 0x5960  [ 0B4431D8286AB24483CEBA4503DCB6B1, 70D54CDDC8CBFAEB11CABF7A1DEA69CBE420EFCA96381E8753AD9326407875EE ] D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
22:06:13.0076 0x5960  World of Tanks - ok
22:06:13.0117 0x5960  [ 5F025EBD25CC30866AD7CC3301EFA329, 35ED27A0AB49EA85465F84D0E396F113CE22CD229C25286166C9B1F3222DC6D1 ] C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
22:06:13.0161 0x5960  XperiaCompanionAgent - ok
22:06:13.0177 0x5960  [ A521CB088D5299C44DA6627DEC90C0B4, 98F52B2F2B4B6B2FE58624C69607897D586E761294AB738F26CBACD25FC39EE3 ] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
22:06:13.0190 0x5960  BlueStacks Agent - ok
22:06:13.0234 0x5960  Skype - ok
22:06:13.0240 0x5960  AV detected via SS2: Avast Antivirus, D:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x41000 ( enabled : updated )
22:06:13.0241 0x5960  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.0 ), 0x60100 ( disabled : updated )
22:06:13.0242 0x5960  AV detected via SS2: Malwarebytes, D:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.143 ), 0x61000 ( enabled : updated )
22:06:13.0244 0x5960  Win FW state via NFP2: enabled ( trusted )
22:06:13.0422 0x5960  ============================================================
22:06:13.0422 0x5960  Scan finished
22:06:13.0422 0x5960  ============================================================
22:06:13.0428 0x71b0  Detected object count: 0
22:06:13.0428 0x71b0  Actual detected object count: 0
         
FRST and Addition will follow.

Best regards

uxel

01.06.2017, 22:19   #4
uxel



FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2017
durchgeführt von axelk (Administrator) auf DESKTOP-NEE8C9I (01-06-2017 21:59:47)
Gestartet von C:\Users\axelk\Desktop
Geladene Profile: axelk (Verfügbare Profile: axelk)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software s.r.o.) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.104.210.0\OverwolfBrowser.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.210.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.210.0\OverwolfHelper64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Wargaming.net) D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(freenet TV Player) D:\Program Files (x86)\freenet TV Player\freenet TV Player.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2016-07-30] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-05-14] ()
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [World of Tanks] => D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-05-12]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicy: Beschränkung <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4beea3e3-899f-4d05-a6a5-2d83c6087d76}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-632498878-1310639711-2934333010-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0ksa54iq.default-1493836180353
FF ProfilePath: C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 [2017-06-01]
FF Homepage: Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 -> about:home
FF Extension: (I don't care about cookies) - C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2017-05-03]
FF Extension: (Adblock Plus) - C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-09-26] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @FortinetCacheClean -> D:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> D:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> D:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 FA_Scheduler; D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [Datei ist nicht signiert]
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 IObitUnSvr; D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-30] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2016-07-30] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-04] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2016-10-05] (Sony Mobile Communications)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-05-06] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-06-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-06-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-06-01] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
S3 RTL2831UBDA; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-12] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-01 21:59 - 2017-06-01 22:00 - 00025130 _____ C:\Users\axelk\Desktop\FRST.txt
2017-06-01 21:59 - 2017-06-01 21:59 - 02433536 _____ (Farbar) C:\Users\axelk\Desktop\FRST64.exe
2017-06-01 21:59 - 2017-06-01 21:59 - 00000000 ____D C:\Users\axelk\Desktop\FRST-OlderVersion
2017-06-01 10:31 - 2017-06-01 10:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-01 10:31 - 2017-05-01 22:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-01 10:31 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-01 10:31 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-01 10:31 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-01 10:31 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-01 10:30 - 2017-05-19 18:07 - 00521816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-06-01 10:29 - 2017-06-01 10:31 - 00000000 ____D C:\WINDOWS\LastGood
2017-05-30 19:34 - 2017-06-01 21:59 - 00000000 ____D C:\FRST
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-30 10:14 - 2017-05-30 10:23 - 00000000 ____D C:\AdwCleaner
2017-05-29 17:28 - 2017-05-29 18:58 - 00000000 ____D C:\Users\axelk\AppData\Roaming\EndNote
2017-05-29 12:43 - 2017-05-29 12:43 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-27 11:34 - 2017-05-27 11:34 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-05-22 11:55 - 2017-05-22 11:55 - 00001236 _____ C:\Users\axelk\Desktop\Firefox.lnk
2017-05-19 18:05 - 2017-05-19 18:05 - 35397528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 28632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 00969624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 00920664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01996696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01598360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01062808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 00999832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 00054680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 40210512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 35290192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 03800984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 03256408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 11161992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 10648512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 09102480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 08891160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 00703880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 00591672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 11129704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 09335520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 03647864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-05-19 13:12 - 2017-06-01 19:07 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 13:12 - 2017-06-01 10:13 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 13:12 - 2017-06-01 10:13 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 13:12 - 2017-06-01 10:13 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00000974 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 13:12 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 12:31 - 2017-05-19 12:31 - 00000000 ____D C:\Users\axelk\AppData\Local\Macromedia
2017-05-18 16:44 - 2017-05-19 12:43 - 00003475 _____ C:\Users\axelk\AppData\Roaming\go00001.bak
2017-05-18 13:56 - 2017-05-18 13:56 - 00000000 ____D C:\Users\axelk\AppData\Local\PeerDistRepub
2017-05-17 22:55 - 2017-05-17 22:55 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-17 22:55 - 2017-05-17 22:55 - 00000000 ____D C:\Program Files (x86)\Skype
2017-05-17 12:54 - 2017-06-01 21:56 - 00000000 ____D C:\Users\axelk\AppData\LocalLow\Mozilla
2017-05-17 11:29 - 2017-05-17 11:29 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Sun
2017-05-17 11:24 - 2017-06-01 10:20 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\axelk\AppData\Local\VirtualStore
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\axelk\AppData\Local\DBG
2017-05-16 12:58 - 2017-05-16 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
2017-05-12 14:50 - 2017-06-01 01:40 - 00004421 _____ C:\Users\axelk\AppData\Roaming\VoiceMeeterDefault.xml
2017-05-12 14:46 - 2017-05-12 14:46 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files\VB
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files (x86)\VB
2017-05-12 14:05 - 2017-05-12 14:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-12 14:05 - 2017-05-12 14:05 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-12 14:05 - 2017-05-12 14:05 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-12 14:04 - 2017-05-12 14:04 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-12 14:04 - 2017-05-12 14:04 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-12 14:04 - 2017-05-12 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-12 14:02 - 2017-05-12 13:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-12 14:01 - 2017-05-12 14:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-12 13:23 - 2017-05-12 13:23 - 00000020 ___SH C:\Users\axelk\ntuser.ini
2017-05-12 13:19 - 2017-06-01 10:33 - 02891166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-12 13:15 - 2017-06-01 10:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 13:15 - 2017-05-31 12:25 - 00004044 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469838226
2017-05-12 13:15 - 2017-05-12 13:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-12 13:15 - 2017-05-12 13:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00003332 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-12 13:15 - 2017-05-12 13:15 - 00002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-12 13:15 - 2017-05-12 13:15 - 00002668 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00002254 _____ C:\WINDOWS\System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12}
2017-05-12 13:15 - 2017-05-12 13:15 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-12 13:10 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-12 13:10 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-12 13:09 - 2017-06-01 10:13 - 00000000 ____D C:\Users\axelk
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Vorlagen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Startmenü
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Netzwerkumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Lokale Einstellungen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Eigene Dateien
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Druckumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Local\Verlauf
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Local\Anwendungsdaten
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Anwendungsdaten
2017-05-12 13:09 - 2017-05-01 22:51 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-12 13:09 - 2017-04-25 23:11 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-12 13:08 - 2017-06-01 10:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-25 08:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-12 13:08 - 2017-05-13 13:23 - 00390432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____D C:\Program Files\VIA
2017-05-11 18:06 - 2017-05-11 18:06 - 00001100 _____ C:\Users\axelk\Desktop\TWD Staffel 7 - Verknüpfung.lnk
2017-05-11 17:48 - 2017-05-17 11:23 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-11 01:10 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 15:25 - 2017-05-10 15:25 - 00000000 ____D C:\Users\axelk\AppData\Local\UNP
2017-05-10 11:24 - 2017-05-10 11:24 - 00001252 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk
2017-05-09 19:10 - 2017-05-09 19:10 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-05-09 19:09 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 19:09 - 2017-05-09 19:11 - 00000000 ____D C:\Program Files\UNP
2017-05-09 18:10 - 2017-05-09 18:12 - 00000000 ____D C:\Users\axelk\AppData\Roaming\IObit
2017-05-09 18:10 - 2017-05-09 18:10 - 00000000 ____D C:\Users\axelk\AppData\LocalLow\IObit
2017-05-09 18:09 - 2017-05-09 18:09 - 00000000 ____D C:\Users\axelk\AppData\Local\Downloaded Installations
2017-05-09 17:25 - 2017-05-11 18:06 - 00016896 ___SH C:\Users\axelk\Desktop\Thumbs.db
2017-05-09 17:06 - 2017-05-09 17:06 - 00001402 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.exe - Verknüpfung.lnk
2017-05-09 16:55 - 2017-05-09 16:55 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-06 14:41 - 2017-05-17 11:26 - 00000831 _____ C:\Users\Public\Desktop\freenet TV Player.lnk
2017-05-06 14:41 - 2017-05-17 11:25 - 00000000 ____D C:\Users\axelk\AppData\Roaming\freenet TV Player
2017-05-06 14:41 - 2017-05-06 14:41 - 00098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusbk.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusb0.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusb0.sys
2017-05-05 17:47 - 2017-05-05 17:47 - 00000000 ____D C:\Users\axelk\AppData\Local\Bluestacks
2017-05-05 17:46 - 2017-05-05 17:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-05-04 10:44 - 2017-05-04 10:44 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-03 18:39 - 2017-05-03 18:39 - 00000000 ____D C:\Program Files (x86)\IIS
2017-05-03 18:38 - 2017-05-03 18:38 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-01 21:55 - 2016-07-30 23:50 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Skype
2017-06-01 10:33 - 2017-03-20 06:41 - 01372790 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-01 10:33 - 2017-03-20 06:41 - 00329402 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-01 10:31 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-01 10:31 - 2014-04-09 23:47 - 00000000 ____D C:\temp
2017-06-01 10:20 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-01 10:13 - 2016-08-01 15:52 - 00000000 ____D C:\Users\axelk\AppData\Local\Overwolf
2017-06-01 01:41 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-31 20:06 - 2016-07-30 00:25 - 00000000 ____D C:\Users\axelk\AppData\Local\Packages
2017-05-31 16:43 - 2016-09-26 01:02 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-31 02:04 - 2016-08-01 15:54 - 00000000 ____D C:\Users\axelk\AppData\Roaming\TS3Client
2017-05-30 09:51 - 2016-07-30 10:49 - 00202476 _____ C:\WINDOWS\hpoins14.dat
2017-05-30 09:49 - 2015-10-30 09:24 - 00000127 _____ C:\WINDOWS\win.ini
2017-05-29 12:42 - 2016-07-30 00:25 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Adobe
2017-05-27 11:35 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-27 11:33 - 2016-08-01 04:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-05-24 12:41 - 2016-07-30 10:20 - 00000000 ____D C:\Users\axelk\AppData\Roaming\vlc
2017-05-23 12:08 - 2016-07-31 00:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 12:06 - 2016-07-31 00:14 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-21 21:09 - 2016-07-30 00:27 - 00000000 ____D C:\Users\axelk\AppData\Local\Comms
2017-05-19 18:07 - 2017-03-20 06:43 - 00427608 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-05-19 18:03 - 2017-01-04 16:19 - 01609232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-05-19 18:03 - 2017-01-04 16:19 - 00226712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-05-19 17:47 - 2017-01-04 16:02 - 04136736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-19 15:14 - 2017-04-26 16:23 - 00000000 ____D C:\Insist
2017-05-19 14:22 - 2017-01-04 11:07 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-18 09:40 - 2017-03-30 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-18 09:40 - 2016-07-30 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-17 12:54 - 2016-07-30 00:32 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Mozilla
2017-05-17 11:26 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-17 11:23 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\security
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-17 11:23 - 2016-07-30 00:31 - 00000000 ____D C:\Users\axelk\AppData\Local\MicrosoftEdge
2017-05-16 11:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-16 11:30 - 2016-08-01 16:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-12 22:44 - 2016-07-30 02:21 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2017-05-12 14:07 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-12 13:25 - 2016-07-30 00:28 - 00002428 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-12 13:24 - 2016-09-30 09:57 - 00000000 ____D C:\Users\axelk\AppData\Local\ConnectedDevicesPlatform
2017-05-12 13:23 - 2016-04-27 07:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-12 13:18 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-12 13:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-12 13:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-12 13:15 - 2017-03-20 06:43 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-12 13:15 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-12 13:15 - 2016-09-30 09:54 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-12 13:13 - 2016-08-01 16:00 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-05-12 13:13 - 2016-08-01 15:17 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-05-12 13:13 - 2016-08-01 03:10 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-05-12 13:13 - 2016-07-30 01:42 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-12 13:11 - 2016-07-30 00:21 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-12 13:10 - 2017-02-11 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-12 13:10 - 2016-07-30 02:08 - 00000000 ____D C:\Program Files\Intel
2017-05-12 13:10 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-12 13:09 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-05 15:12 - 2017-02-05 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 10:44 - 2017-03-02 21:09 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-04 10:44 - 2016-07-30 02:22 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-03 18:37 - 2017-04-28 16:48 - 00000000 _____ C:\WINDOWS\SysWOW64\11

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-05-18 16:44 - 2017-05-19 12:43 - 0003475 _____ () C:\Users\axelk\AppData\Roaming\go00001.bak
2017-05-12 14:50 - 2017-06-01 01:40 - 0004421 _____ () C:\Users\axelk\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-01 04:09 - 2016-08-01 04:09 - 0000042 _____ () C:\Users\axelk\AppData\Roaming\WB.CFG
2017-04-05 20:20 - 2017-04-05 20:20 - 0007602 _____ () C:\Users\axelk\AppData\Local\Resmon.ResmonCfg
2016-07-30 10:49 - 2017-05-30 09:51 - 0008122 _____ () C:\ProgramData\hpzinstall.log
2017-05-16 11:32 - 2017-05-16 12:58 - 0003475 _____ () C:\ProgramData\_MC000001.bak

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-06-01 10:27

==================== Ende von FRST.txt ============================
         
Addition:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-06-2017
durchgeführt von axelk (01-06-2017 22:00:27)
Gestartet von C:\Users\axelk\Desktop
Windows 10 Pro Version 1703 (X64) (2017-05-12 11:18:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-632498878-1310639711-2934333010-500 - Administrator - Disabled)
axelk (S-1-5-21-632498878-1310639711-2934333010-1001 - Administrator - Enabled) => C:\Users\axelk
DefaultAccount (S-1-5-21-632498878-1310639711-2934333010-503 - Limited - Disabled)
Gast (S-1-5-21-632498878-1310639711-2934333010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-632498878-1310639711-2934333010-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F2100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F2100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FortiClient (HKLM\...\{C8080F10-F9D9-42C8-81AF-C6DB77E66BFD}) (Version: 5.4.3.0870 - Fortinet Inc)
freenet TV Player (HKLM-x32\...\{DF667F39-4FD4-4E40-9B09-BC335DC77F31}_is1) (Version: 1.1.0.8 - Media Broadcast)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.17 - IObit)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 de)) (Version: 53.0 - Mozilla)
Mozilla Firefox 53.0.2 (x86 de) (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 de)) (Version: 52.1.1 - Mozilla)
NAPS2 5.3.0 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.13.201609091558 - Sony Mobile Communications Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.2.1.0 - Manuel Hoefs (Zottel))
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.7.0.0 - Winaero)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (x32 Version: 1.4.7.0 - Sony) Hidden
Xperia Companion Service (Version: 1.4.7.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0918E41B-4ACE-47C9-B324-87B92369844D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic 
Task: {11366A5A-5391-4243-B53D-B7703B089700} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-04] (AVAST Software)
Task: {2262A505-C723-4B93-8C54-D54CFEF132B7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {2D0D842A-D853-4435-ABBF-B2688A41CD49} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {3A93EF94-0E07-4AEB-B93A-23B6119E3ED3} - System32\Tasks\SafeZone scheduled Autoupdate 1469838226 => D:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {3B7C74A1-C020-4DF7-BC0D-0161766AF337} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {6D75C1ED-4FDD-4A23-BF13-175BE72EABD9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {7CC7B710-7F65-4E9F-B3C5-51FE25349CF9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-05-14] (Overwolf LTD)
Task: {ABEC86F5-A725-45B2-AA1F-A6E7DC542C37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {B4418451-ADAE-4B4A-ACF2-1156D8C0CAA9} - System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12} => pcalua.exe -a C:\Users\axelk\AppData\Roaming\AppTrailers\Uninstall.exe
Task: {C3848A7A-7D88-4349-9540-C75BDD395579} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {CEA438F3-0BE1-4ABB-BDC4-FC05E13A5342} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {D28984AC-290D-45E8-A874-D5E3F6F72DBC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-05-27] (Microsoft Corporation)
Task: {F194E489-8749-4E9F-801C-B1ED3F1ED393} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-05-27] (Microsoft Corporation)
Task: {F9F9C01F-5782-4D86-86B6-D133AE3F6229} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-30 20:49 - 2016-08-02 22:56 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-05-19 13:12 - 2017-05-09 16:38 - 02270672 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-30 02:07 - 2016-07-30 02:06 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-07-30 02:07 - 2016-07-30 02:06 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2017-05-19 20:17 - 2017-05-19 20:17 - 00069632 _____ () D:\Program Files\CCleaner\lang\lang-1031.dll
2017-05-26 11:29 - 2017-05-26 11:29 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-26 11:29 - 2017-05-26 11:29 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-26 11:29 - 2017-05-26 11:29 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-26 11:29 - 2017-05-26 11:29 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 15:57 - 2017-05-05 16:01 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-07-30 01:06 - 2016-07-30 01:06 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-05-23 15:34 - 2017-05-23 15:34 - 03982336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-23 15:34 - 2017-05-23 15:34 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-24 12:32 - 2017-05-24 12:32 - 01726976 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-05-24 12:32 - 2017-05-24 12:32 - 13096136 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-01 10:19 - 2017-06-01 10:19 - 30965760 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-06-01 10:19 - 2017-06-01 10:19 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 11:28 - 2017-05-26 11:28 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-09 18:10 - 2016-06-21 19:29 - 00210720 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-05-09 18:10 - 2016-06-21 19:30 - 00442144 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-05-09 18:10 - 2016-06-21 19:29 - 00059680 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-09-30 18:46 - 2016-09-30 18:45 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
2017-03-08 16:07 - 2017-03-08 16:07 - 00548882 _____ () D:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00170216 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00997896 _____ () D:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 67717632 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00176992 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00223224 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00291824 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00684656 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-14 12:53 - 2017-05-14 12:53 - 68886856 _____ () C:\Program Files (x86)\Overwolf\0.104.210.0\libcef.DLL
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () D:\Program Files (x86)\Skype\Phone\skypert.dll
2017-05-09 18:10 - 2016-05-23 21:49 - 00899872 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-05-09 18:10 - 2016-10-18 16:57 - 00631072 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-05-06 14:41 - 2016-08-26 17:35 - 00032256 _____ () D:\Program Files (x86)\freenet TV Player\pthreadVC2.dll
2017-05-06 14:41 - 2014-02-02 05:52 - 00015872 _____ () D:\Program Files (x86)\freenet TV Player\sensors\qtsensors_dummy.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-03-18 23:03 - 2017-03-18 23:01 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\axelk\AppData\Local\Microsoft\Windows\Themes\1\DesktopBackground\berlin_skyline_2009.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4A1044FB-C58A-40EF-A6DC-81FF9EC14C71}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5A988B2-6ED0-4EFF-AA7A-93EE44BF0F03}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F3B4F35-A890-4D11-B2DB-C79065EABF6E}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{087BB19E-3A8E-405E-A256-206C3EB05166}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe
FirewallRules: [{808F1B9E-1405-427D-AC50-182FCAAD68A0}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{C5986C44-5331-41F8-8336-16FB57EDFBB6}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{5914DEED-5002-4C36-8E96-86334DD1C20C}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{260D5894-7067-4C9D-882A-847B45D867D0}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{2CBAAD81-B029-480C-A5C7-01172CCDCD0F}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{BB53463E-3EB7-4CF1-AF4E-88BF4DCDD670}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{27B2F895-3CF7-439E-B97E-425FB7371D7A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4864C0AF-5F7F-43D0-972D-22A0C357D1D3}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{01EB7B1F-CF4C-4484-9508-63DA87D2D717}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{8299F97F-70E5-49CE-ABCC-AB4C1FAA915A}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B64CE02C-D895-4FBD-B104-7E7FF44BC014}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29904459-EC6F-4F55-826A-896B4728721E}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{594D49DF-82D5-4A40-8A36-84B3E2536945}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1134500B-B0DC-4E71-A92F-2B422A2975C0}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3AFDDE4E-018E-46CD-9B23-62D0418B05A4}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D70CF209-75E1-4654-BCFB-B6B07337C1D5}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{440102DB-0B8C-479C-91E3-62B26A3BF19A}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{49639792-4409-4E93-BF02-0EACF224E3D6}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AE2A7072-2712-4E07-8F9E-794E69D96E8F}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{822B3CAD-89E2-4100-9B9E-C4A7574BBA4A}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B40C7412-CDCB-4491-A4D5-EEB6760F4DCA}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F48E5C2F-9F05-4C88-969E-B16F52526C76}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{878C6AED-E2DC-4A69-A036-584A79D590EE}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C42D6441-A71A-4865-B846-F3527A7B9086}] => (Allow) D:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{092EC3B6-115D-4FFD-8138-7D1AD1FB3DFE}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{F6C4B94B-6EC3-42B0-B54A-6AAD97B613C5}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{A6570FB1-53DC-48D1-98B7-6B38B0E646BE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C41311E-9293-4F27-AF49-D74C831F9684}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FE00941-5BAE-49FE-8225-C9136F4845FC}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F0D7BEF3-512F-4270-A385-E50365B9758F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CE021A7-9DE1-403B-893E-E8C0D563A839}] => (Allow) D:\Program Files (x86)\World of Tanks\WoTLauncher.exe
FirewallRules: [{2E457069-E15D-4520-A5EC-92A516D5063D}] => (Allow) D:\Program Files (x86)\World of Tanks\WoTLauncher.exe
FirewallRules: [{AF1667C3-4B7E-4E9B-B8BF-FA87C840A386}] => (Allow) D:\Program Files (x86)\World of Tanks\worldoftanks.exe
FirewallRules: [{BE9215E9-DCB0-46DF-9F81-189E9A77D904}] => (Allow) D:\Program Files (x86)\World of Tanks\worldoftanks.exe
FirewallRules: [{3F6AEF2F-668F-4379-976C-342D20220F20}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EF4677A9-367D-4E5E-B831-514251E0D7EB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0D99E469-504A-462C-94F5-E7DCF80F8B19}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B7E939F9-B3DC-4DE2-AA18-FC3A51CCC2B5}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{84F2C865-0465-4CFB-AC69-2C112EDAE3E1}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{604BAB7F-AC3B-4941-9861-532617021D85}] => (Allow) C:\Program Files (x86)\Baglook\Application\chrome.exe
FirewallRules: [{B38E82E2-C02A-4C0B-AF90-55E4D0E9E1C4}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{708551CB-6CA0-4266-B63A-D3D409F4FCEA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A13507CD-FC97-43AC-96B9-F4A940021A25}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe

==================== Wiederherstellungspunkte =========================

23-05-2017 12:06:37 Windows Update
29-05-2017 17:24:25 Installed EndNote X7
30-05-2017 10:32:32 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/01/2017 07:02:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (06/01/2017 06:05:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/01/2017 12:22:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (06/01/2017 10:27:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-NEE8C9I)
Description: Das Paket „Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (06/01/2017 10:23:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (06/01/2017 10:22:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\GTAIV.exe".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/01/2017 10:22:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gta4Browser.exe".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/01/2017 10:22:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/01/2017 10:14:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/01/2017 10:13:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (06/01/2017 06:05:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/01/2017 10:13:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "KMS-R@1n" wurde mit folgendem Fehler beendet: 
Das Endpunktformat ist unzulässig.

Error: (06/01/2017 10:13:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (05/31/2017 04:38:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (05/31/2017 12:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "KMS-R@1n" wurde mit folgendem Fehler beendet: 
Das Endpunktformat ist unzulässig.

Error: (05/31/2017 12:14:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (05/31/2017 02:04:43 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "tiledatamodelsvc" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{B31118B2-1F49-48E5-B6F5-BC21CAEC56FB}

Error: (05/30/2017 10:40:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (05/30/2017 10:40:47 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\axelk\AppData\Local\Temp\ehdrv.sys

Error: (05/30/2017 10:40:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.


CodeIntegrity:
===================================
  Date: 2017-06-01 18:05:37.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.097
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-01 18:05:37.089
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 8150.18 MB
Verfügbarer physikalischer RAM: 4466.29 MB
Summe virtueller Speicher: 9430.18 MB
Verfügbarer virtueller Speicher: 4403.5 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:116.72 GB) (Free:69.1 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:395.77 GB) NTFS
Drive g: (MAXTOR) (Fixed) (Total:465.76 GB) (Free:313.28 GB) NTFS
Drive h: (TREKSTOR) (Fixed) (Total:596.17 GB) (Free:30.99 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 117.4 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBCA1A5A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 1FCD3B71)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 596.2 GB) (Disk ID: 000C3041)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 02.06.2017, 20:35   #5
M-K-D-B
/// TB Trainer
 
Hi,

the computer is not clean yet.

You have at least one piece of illegal/cracked software on your computer:
Microsoft Office Professional Plus 2016

Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================


Alt 05.06.2017, 13:36   #6
M-K-D-B
/// TB Trainer
 
No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
Send me a profile message including a link to the thread if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!

Alt 08.06.2017, 09:47   #7
uxel
 
Quote:
You have at least one piece of illegal/cracked software on your computer:
Microsoft Office Professional Plus 2016

It has been removed.

Alt 08.06.2017, 13:57   #8
M-K-D-B
/// TB Trainer
 
Step 1
  • Start FRST again. Make sure the box in front of Addition.txt is checked and click Scan (Untersuchen).
  • FRST will now create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

Step 2
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

With your next reply, please post
  • the log file from TDSS-Killer,
  • the two new log files from FRST.
__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================
==========================================================


Alt 08.06.2017, 16:16   #9
uxel
 
FRST.txt:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
durchgeführt von axelk (Administrator) auf DESKTOP-NEE8C9I (08-06-2017 16:07:07)
Gestartet von C:\Users\axelk\Desktop\Logs
Geladene Profile: axelk (Verfügbare Profile: axelk)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(AVAST Software s.r.o.) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\old_42138_Overwolf.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Wargaming.net) D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.104.210.0\OverwolfBrowser.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.210.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.210.0\OverwolfHelper64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1522.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
() C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleApp.exe
() C:\Program Files\WindowsApps\ZattooEuropaAG.ZattooLiveTV_4.5.107.0_x64__cwpjhwd4pd0ma\Zattoo.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\update_task.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2016-07-30] (VIA)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ACHTUNG
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-06-06] ()
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [World of Tanks] => D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-05-12]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicy: Beschränkung <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4beea3e3-899f-4d05-a6a5-2d83c6087d76}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-632498878-1310639711-2934333010-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 0ksa54iq.default-1493836180353
FF ProfilePath: C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 [2017-06-08]
FF Homepage: Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 -> about:home
FF Extension: (I don't care about cookies) - C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2017-05-03]
FF Extension: (Adblock Plus) - C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @FortinetCacheClean -> D:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> D:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> D:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
R2 FA_Scheduler; D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [Datei ist nicht signiert]
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 IObitUnSvr; D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-30] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-06-06] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2016-07-30] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-04] (AVAST Software)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2016-10-05] (Sony Mobile Communications)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-05-06] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-08] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
S3 RTL2831UBDA; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-12] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-07 23:32 - 2017-06-07 23:32 - 00000000 ____D C:\Users\axelk\.TeamSpeak 3
2017-06-07 23:32 - 2017-06-07 23:32 - 00000000 ____D C:\Users\axelk\.QtWebEngineProcess
2017-06-06 22:44 - 2017-06-06 22:44 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-05 18:34 - 2017-06-05 18:34 - 00000000 ____D C:\Users\axelk\AppData\Roaming\SolidDocuments
2017-06-03 10:41 - 2017-06-03 10:41 - 00000794 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-02 17:38 - 2017-06-02 17:38 - 00000835 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-06-02 10:17 - 2017-06-02 10:21 - 00000000 ____D C:\Program Files (x86)\IObit
2017-06-02 10:17 - 2017-06-02 10:17 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-06-01 22:03 - 2017-06-01 22:20 - 00182046 _____ C:\TDSSKiller.3.1.0.15_01.06.2017_22.03.51_log.txt
2017-06-01 10:31 - 2017-06-01 10:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-01 10:31 - 2017-05-01 22:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-01 10:31 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-01 10:31 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-01 10:31 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-01 10:31 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-01 10:30 - 2017-05-19 18:07 - 00521816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-06-01 10:29 - 2017-06-01 10:31 - 00000000 ____D C:\WINDOWS\LastGood
2017-05-30 19:34 - 2017-06-08 16:07 - 00000000 ____D C:\FRST
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-30 10:14 - 2017-05-30 10:23 - 00000000 ____D C:\AdwCleaner
2017-05-29 12:43 - 2017-05-29 12:43 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-22 11:55 - 2017-05-22 11:55 - 00001236 _____ C:\Users\axelk\Desktop\Firefox.lnk
2017-05-19 18:05 - 2017-05-19 18:05 - 35397528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 28632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 00969624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 00920664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01996696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01598360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01062808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 00999832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 00054680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 40210512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 35290192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 03800984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 03256408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 11161992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 10648512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 09102480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 08891160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 00703880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 00591672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 11129704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 09335520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 03647864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-05-19 13:12 - 2017-06-08 08:32 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 13:12 - 2017-06-06 19:34 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 13:12 - 2017-06-02 21:50 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 13:12 - 2017-06-02 21:50 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 13:12 - 2017-06-02 21:50 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00000974 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 12:31 - 2017-05-19 12:31 - 00000000 ____D C:\Users\axelk\AppData\Local\Macromedia
2017-05-18 16:44 - 2017-05-19 12:43 - 00003475 _____ C:\Users\axelk\AppData\Roaming\go00001.bak
2017-05-18 13:56 - 2017-05-18 13:56 - 00000000 ____D C:\Users\axelk\AppData\Local\PeerDistRepub
2017-05-17 22:55 - 2017-05-17 22:55 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-17 22:55 - 2017-05-17 22:55 - 00000000 ____D C:\Program Files (x86)\Skype
2017-05-17 12:54 - 2017-06-08 16:07 - 00000000 ____D C:\Users\axelk\AppData\LocalLow\Mozilla
2017-05-17 11:29 - 2017-05-17 11:29 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Sun
2017-05-17 11:24 - 2017-06-08 09:38 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\axelk\AppData\Local\VirtualStore
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\axelk\AppData\Local\DBG
2017-05-16 12:58 - 2017-05-16 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
2017-05-12 14:50 - 2017-06-08 01:29 - 00004421 _____ C:\Users\axelk\AppData\Roaming\VoiceMeeterDefault.xml
2017-05-12 14:46 - 2017-05-12 14:46 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files\VB
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files (x86)\VB
2017-05-12 14:05 - 2017-05-12 14:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-12 14:05 - 2017-05-12 14:05 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-12 14:05 - 2017-05-12 14:05 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-12 14:04 - 2017-05-12 14:04 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-12 14:04 - 2017-05-12 14:04 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-12 14:04 - 2017-05-12 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-12 14:02 - 2017-05-12 13:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-12 14:01 - 2017-05-12 14:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-12 13:23 - 2017-05-12 13:23 - 00000020 ___SH C:\Users\axelk\ntuser.ini
2017-05-12 13:19 - 2017-06-08 08:38 - 03270636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-12 13:15 - 2017-06-08 08:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 13:15 - 2017-05-31 12:25 - 00004044 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469838226
2017-05-12 13:15 - 2017-05-12 13:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-12 13:15 - 2017-05-12 13:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00003332 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-12 13:15 - 2017-05-12 13:15 - 00002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-12 13:15 - 2017-05-12 13:15 - 00002668 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00002254 _____ C:\WINDOWS\System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12}
2017-05-12 13:15 - 2017-05-12 13:15 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-12 13:10 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-12 13:10 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-12 13:09 - 2017-06-08 08:33 - 00000000 ____D C:\Users\axelk
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Vorlagen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Startmenü
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Netzwerkumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Lokale Einstellungen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Eigene Dateien
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Druckumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Local\Verlauf
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Local\Anwendungsdaten
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Anwendungsdaten
2017-05-12 13:09 - 2017-05-01 22:51 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-12 13:09 - 2017-04-25 23:11 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-12 13:08 - 2017-06-01 10:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-25 08:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-12 13:08 - 2017-05-13 13:23 - 00390432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____D C:\Program Files\VIA
2017-05-11 18:06 - 2017-05-11 18:06 - 00001100 _____ C:\Users\axelk\Desktop\TWD Staffel 7 - Verknüpfung.lnk
2017-05-11 17:48 - 2017-05-17 11:23 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-11 01:10 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 15:25 - 2017-05-10 15:25 - 00000000 ____D C:\Users\axelk\AppData\Local\UNP
2017-05-10 11:24 - 2017-05-10 11:24 - 00001252 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk
2017-05-09 19:10 - 2017-05-09 19:10 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-05-09 19:09 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 19:09 - 2017-05-09 19:11 - 00000000 ____D C:\Program Files\UNP
2017-05-09 18:10 - 2017-06-02 10:21 - 00000000 ____D C:\Users\axelk\AppData\LocalLow\IObit
2017-05-09 18:10 - 2017-06-02 10:17 - 00000000 ____D C:\Users\axelk\AppData\Roaming\IObit
2017-05-09 18:09 - 2017-05-09 18:09 - 00000000 ____D C:\Users\axelk\AppData\Local\Downloaded Installations
2017-05-09 17:25 - 2017-05-11 18:06 - 00016896 ___SH C:\Users\axelk\Desktop\Thumbs.db
2017-05-09 17:06 - 2017-05-09 17:06 - 00001402 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.exe - Verknüpfung.lnk
2017-05-09 16:55 - 2017-05-09 16:55 - 00000000 _____ C:\WINDOWS\SysWOW64\1111

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-08 16:00 - 2016-08-01 16:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-06-08 16:00 - 2016-07-30 23:50 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Skype
2017-06-08 09:29 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-08 09:24 - 2016-07-30 00:31 - 00000000 ____D C:\Users\axelk\AppData\Local\MicrosoftEdge
2017-06-08 09:24 - 2016-07-30 00:25 - 00000000 ____D C:\Users\axelk\AppData\Local\Packages
2017-06-08 08:38 - 2017-03-20 06:41 - 01576734 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-08 08:38 - 2017-03-20 06:41 - 00388136 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-08 08:37 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-08 08:33 - 2016-08-01 15:52 - 00000000 ____D C:\Users\axelk\AppData\Local\Overwolf
2017-06-08 01:29 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-08 00:38 - 2016-08-01 15:54 - 00000000 ____D C:\Users\axelk\AppData\Roaming\TS3Client
2017-06-07 17:14 - 2016-08-01 04:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-07 17:13 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-07 17:13 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-03 10:50 - 2016-07-30 10:20 - 00000000 ____D C:\Users\axelk\AppData\Roaming\vlc
2017-06-01 10:31 - 2014-04-09 23:47 - 00000000 ____D C:\temp
2017-05-31 16:43 - 2016-09-26 01:02 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-30 09:51 - 2016-07-30 10:49 - 00202476 _____ C:\WINDOWS\hpoins14.dat
2017-05-30 09:49 - 2015-10-30 09:24 - 00000127 _____ C:\WINDOWS\win.ini
2017-05-29 12:42 - 2016-07-30 00:25 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Adobe
2017-05-23 12:08 - 2016-07-31 00:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 12:06 - 2016-07-31 00:14 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-21 21:09 - 2016-07-30 00:27 - 00000000 ____D C:\Users\axelk\AppData\Local\Comms
2017-05-19 18:07 - 2017-03-20 06:43 - 00427608 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-05-19 18:03 - 2017-01-04 16:19 - 01609232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-05-19 18:03 - 2017-01-04 16:19 - 00226712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-05-19 17:47 - 2017-01-04 16:02 - 04136736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-19 15:14 - 2017-04-26 16:23 - 00000000 ____D C:\Insist
2017-05-19 14:22 - 2017-01-04 11:07 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-18 09:40 - 2017-03-30 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-18 09:40 - 2016-07-30 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-17 12:54 - 2016-07-30 00:32 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Mozilla
2017-05-17 11:26 - 2017-05-06 14:41 - 00000831 _____ C:\Users\Public\Desktop\freenet TV Player.lnk
2017-05-17 11:26 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-17 11:25 - 2017-05-06 14:41 - 00000000 ____D C:\Users\axelk\AppData\Roaming\freenet TV Player
2017-05-17 11:23 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\security
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-16 11:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-12 22:44 - 2016-07-30 02:21 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2017-05-12 14:07 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-12 13:25 - 2016-07-30 00:28 - 00002428 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-12 13:24 - 2016-09-30 09:57 - 00000000 ____D C:\Users\axelk\AppData\Local\ConnectedDevicesPlatform
2017-05-12 13:23 - 2016-04-27 07:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-12 13:18 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-12 13:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-12 13:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-12 13:15 - 2017-03-20 06:43 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-12 13:15 - 2016-09-30 09:54 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-12 13:13 - 2016-08-01 16:00 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-05-12 13:13 - 2016-08-01 15:17 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-05-12 13:13 - 2016-08-01 03:10 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-05-12 13:13 - 2016-07-30 01:42 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-12 13:11 - 2016-07-30 00:21 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-12 13:10 - 2017-02-11 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-12 13:10 - 2016-07-30 02:08 - 00000000 ____D C:\Program Files\Intel
2017-05-12 13:10 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-12 13:09 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-05-18 16:44 - 2017-05-19 12:43 - 0003475 _____ () C:\Users\axelk\AppData\Roaming\go00001.bak
2017-05-12 14:50 - 2017-06-08 01:29 - 0004421 _____ () C:\Users\axelk\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-01 04:09 - 2016-08-01 04:09 - 0000042 _____ () C:\Users\axelk\AppData\Roaming\WB.CFG
2017-04-05 20:20 - 2017-04-05 20:20 - 0007602 _____ () C:\Users\axelk\AppData\Local\Resmon.ResmonCfg
2016-07-30 10:49 - 2017-05-30 09:51 - 0008122 _____ () C:\ProgramData\hpzinstall.log
2017-05-16 11:32 - 2017-05-16 12:58 - 0003475 _____ () C:\ProgramData\_MC000001.bak

Einige Dateien in TEMP:
====================
2017-06-08 09:29 - 2017-05-02 09:43 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\axelk\AppData\Local\Temp\HD-Common.dll
2017-06-08 09:29 - 2017-05-02 09:43 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\axelk\AppData\Local\Temp\HD-InstallerUtils.dll
2017-06-08 09:29 - 2017-05-02 09:40 - 0187416 _____ (BlueStack Systems) C:\Users\axelk\AppData\Local\Temp\HD-LibraryHandler.dll
2017-06-08 09:29 - 2017-05-02 09:39 - 0246808 _____ (BlueStack Systems) C:\Users\axelk\AppData\Local\Temp\HD-Logger-Native.dll
2017-06-08 09:29 - 2017-05-02 09:42 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\axelk\AppData\Local\Temp\HD-Uninstaller.exe
2017-06-03 10:40 - 2017-06-03 10:40 - 32100680 _____ () C:\Users\axelk\AppData\Local\Temp\vlc-2.2.6-win64.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-06-01 10:27

==================== Ende von FRST.txt ============================
         
Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
durchgeführt von axelk (08-06-2017 16:07:51)
Gestartet von C:\Users\axelk\Desktop\Logs
Windows 10 Pro Version 1703 (X64) (2017-05-12 11:18:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-632498878-1310639711-2934333010-500 - Administrator - Disabled)
axelk (S-1-5-21-632498878-1310639711-2934333010-1001 - Administrator - Enabled) => C:\Users\axelk
DefaultAccount (S-1-5-21-632498878-1310639711-2934333010-503 - Limited - Disabled)
Gast (S-1-5-21-632498878-1310639711-2934333010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-632498878-1310639711-2934333010-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F2100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F2100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FortiClient (HKLM\...\{C8080F10-F9D9-42C8-81AF-C6DB77E66BFD}) (Version: 5.4.3.0870 - Fortinet Inc)
freenet TV Player (HKLM-x32\...\{DF667F39-4FD4-4E40-9B09-BC335DC77F31}_is1) (Version: 1.1.0.8 - Media Broadcast)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.17 - IObit)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 de)) (Version: 53.0 - Mozilla)
Mozilla Firefox 53.0.2 (x86 de) (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 de)) (Version: 52.1.1 - Mozilla)
NAPS2 5.3.0 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.211.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.13.201609091558 - Sony Mobile Communications Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.2.1.0 - Manuel Hoefs (Zottel))
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.7.0.0 - Winaero)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (x32 Version: 1.4.7.0 - Sony) Hidden
Xperia Companion Service (Version: 1.4.7.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0918E41B-4ACE-47C9-B324-87B92369844D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {11366A5A-5391-4243-B53D-B7703B089700} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-04] (AVAST Software)
Task: {2262A505-C723-4B93-8C54-D54CFEF132B7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {3A93EF94-0E07-4AEB-B93A-23B6119E3ED3} - System32\Tasks\SafeZone scheduled Autoupdate 1469838226 => D:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {7CC7B710-7F65-4E9F-B3C5-51FE25349CF9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-06-06] (Overwolf LTD)
Task: {B4418451-ADAE-4B4A-ACF2-1156D8C0CAA9} - System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12} => pcalua.exe -a C:\Users\axelk\AppData\Roaming\AppTrailers\Uninstall.exe
Task: {C3848A7A-7D88-4349-9540-C75BDD395579} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {CEA438F3-0BE1-4ABB-BDC4-FC05E13A5342} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F9F9C01F-5782-4D86-86B6-D133AE3F6229} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-30 02:07 - 2016-07-30 02:06 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-07-30 02:07 - 2016-07-30 02:06 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2017-05-19 20:17 - 2017-05-19 20:17 - 00069632 _____ () D:\Program Files\CCleaner\lang\lang-1031.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 08:37 - 2017-06-08 08:37 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2016-09-30 20:49 - 2016-08-02 22:56 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-05-08 11:18 - 2017-05-08 11:20 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-05-08 11:18 - 2017-05-08 11:20 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-05-08 11:18 - 2017-05-08 11:20 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 15:57 - 2017-05-05 16:01 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-07-30 01:06 - 2016-07-30 01:06 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-06-07 09:53 - 2017-06-07 09:53 - 03982336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1522.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-23 15:34 - 2017-05-23 15:34 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1522.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-24 12:32 - 2017-05-24 12:32 - 13096136 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-04-22 15:12 - 2017-04-22 15:12 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-04-22 15:12 - 2017-04-22 15:12 - 15069696 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2017-03-29 17:14 - 2017-03-29 17:14 - 04123032 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-07-30 01:03 - 2016-07-30 01:03 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-05-24 12:32 - 2017-05-24 12:32 - 01726976 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-06-08 08:37 - 2017-06-08 08:37 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2017-06-08 08:37 - 2017-06-08 08:37 - 08190976 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 00132608 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 03903488 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleShared.dll
2017-05-23 15:34 - 2017-05-23 15:34 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 02567680 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 01920000 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\Microsoft.People.Relevance.dll
2016-07-30 00:56 - 2016-07-30 00:56 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 01631744 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\Microsoft.People.Native.dll
2017-05-24 12:32 - 2017-05-24 12:32 - 00018432 _____ () C:\Program Files\WindowsApps\ZattooEuropaAG.ZattooLiveTV_4.5.107.0_x64__cwpjhwd4pd0ma\Zattoo.exe
2017-05-24 12:32 - 2017-05-24 12:32 - 24365568 _____ () C:\Program Files\WindowsApps\ZattooEuropaAG.ZattooLiveTV_4.5.107.0_x64__cwpjhwd4pd0ma\Zattoo.dll
2017-05-09 18:10 - 2016-06-21 19:29 - 00210720 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-05-09 18:10 - 2016-06-21 19:30 - 00442144 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-05-09 18:10 - 2016-06-21 19:29 - 00059680 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-03-08 16:07 - 2017-03-08 16:07 - 00548882 _____ () D:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-09-30 18:46 - 2016-09-30 18:45 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00170216 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00997896 _____ () D:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 67717632 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00176992 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00223224 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00291824 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00684656 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-14 12:53 - 2017-05-14 12:53 - 68886856 _____ () C:\Program Files (x86)\Overwolf\0.104.210.0\libcef.DLL
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () D:\Program Files (x86)\Skype\Phone\skypert.dll
2017-05-09 18:10 - 2016-05-23 21:49 - 00899872 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-05-09 18:10 - 2016-10-18 16:57 - 00631072 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-03-18 23:03 - 2017-03-18 23:01 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\axelk\AppData\Local\Microsoft\Windows\Themes\1\DesktopBackground\berlin_skyline_2009.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4A1044FB-C58A-40EF-A6DC-81FF9EC14C71}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5A988B2-6ED0-4EFF-AA7A-93EE44BF0F03}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F3B4F35-A890-4D11-B2DB-C79065EABF6E}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{087BB19E-3A8E-405E-A256-206C3EB05166}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe
FirewallRules: [{808F1B9E-1405-427D-AC50-182FCAAD68A0}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{C5986C44-5331-41F8-8336-16FB57EDFBB6}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{5914DEED-5002-4C36-8E96-86334DD1C20C}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{260D5894-7067-4C9D-882A-847B45D867D0}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{2CBAAD81-B029-480C-A5C7-01172CCDCD0F}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{4864C0AF-5F7F-43D0-972D-22A0C357D1D3}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{01EB7B1F-CF4C-4484-9508-63DA87D2D717}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{8299F97F-70E5-49CE-ABCC-AB4C1FAA915A}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B64CE02C-D895-4FBD-B104-7E7FF44BC014}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29904459-EC6F-4F55-826A-896B4728721E}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{594D49DF-82D5-4A40-8A36-84B3E2536945}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1134500B-B0DC-4E71-A92F-2B422A2975C0}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3AFDDE4E-018E-46CD-9B23-62D0418B05A4}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D70CF209-75E1-4654-BCFB-B6B07337C1D5}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{440102DB-0B8C-479C-91E3-62B26A3BF19A}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{49639792-4409-4E93-BF02-0EACF224E3D6}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AE2A7072-2712-4E07-8F9E-794E69D96E8F}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{822B3CAD-89E2-4100-9B9E-C4A7574BBA4A}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B40C7412-CDCB-4491-A4D5-EEB6760F4DCA}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F48E5C2F-9F05-4C88-969E-B16F52526C76}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{878C6AED-E2DC-4A69-A036-584A79D590EE}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C42D6441-A71A-4865-B846-F3527A7B9086}] => (Allow) D:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{092EC3B6-115D-4FFD-8138-7D1AD1FB3DFE}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{F6C4B94B-6EC3-42B0-B54A-6AAD97B613C5}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{A6570FB1-53DC-48D1-98B7-6B38B0E646BE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C41311E-9293-4F27-AF49-D74C831F9684}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FE00941-5BAE-49FE-8225-C9136F4845FC}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F0D7BEF3-512F-4270-A385-E50365B9758F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CE021A7-9DE1-403B-893E-E8C0D563A839}] => (Allow) D:\Program Files (x86)\World of Tanks\WoTLauncher.exe
FirewallRules: [{2E457069-E15D-4520-A5EC-92A516D5063D}] => (Allow) D:\Program Files (x86)\World of Tanks\WoTLauncher.exe
FirewallRules: [{AF1667C3-4B7E-4E9B-B8BF-FA87C840A386}] => (Allow) D:\Program Files (x86)\World of Tanks\worldoftanks.exe
FirewallRules: [{BE9215E9-DCB0-46DF-9F81-189E9A77D904}] => (Allow) D:\Program Files (x86)\World of Tanks\worldoftanks.exe
FirewallRules: [{0D99E469-504A-462C-94F5-E7DCF80F8B19}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B7E939F9-B3DC-4DE2-AA18-FC3A51CCC2B5}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{84F2C865-0465-4CFB-AC69-2C112EDAE3E1}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{604BAB7F-AC3B-4941-9861-532617021D85}] => (Allow) C:\Program Files (x86)\Baglook\Application\chrome.exe
FirewallRules: [{B38E82E2-C02A-4C0B-AF90-55E4D0E9E1C4}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{A13507CD-FC97-43AC-96B9-F4A940021A25}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe

==================== Wiederherstellungspunkte =========================

29-05-2017 17:24:25 Installed EndNote X7
30-05-2017 10:32:32 JRT Pre-Junkware Removal
07-06-2017 09:43:59 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/08/2017 01:50:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (06/08/2017 01:45:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/08/2017 09:24:12 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-NEE8C9I)
Description: C:\Users\axelk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalStateMicrosoft.MicrosoftEdge_8wekyb3d8bbwe-2147024894

Error: (06/08/2017 09:24:12 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-NEE8C9I)
Description: C:\Users\axelk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalStateMicrosoft.MicrosoftEdge_8wekyb3d8bbwe-2147024894

Error: (06/08/2017 09:24:12 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-NEE8C9I)
Description: C:\Users\axelk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalStateMicrosoft.MicrosoftEdge_8wekyb3d8bbwe-2147024894

Error: (06/08/2017 09:24:12 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-NEE8C9I)
Description: C:\Users\axelk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalStateMicrosoft.MicrosoftEdge_8wekyb3d8bbwe-2147024894

Error: (06/08/2017 08:37:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (06/08/2017 08:37:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\GTAIV.exe".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/08/2017 08:37:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gta4Browser.exe".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/08/2017 08:36:50 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


Systemfehler:
=============
Error: (06/08/2017 01:45:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/08/2017 08:32:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "KMS-R@1n" wurde mit folgendem Fehler beendet: 
Das Endpunktformat ist unzulässig.

Error: (06/08/2017 08:32:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (06/08/2017 01:29:06 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEE8C9I)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/07/2017 08:16:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/07/2017 05:17:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "KMS-R@1n" wurde mit folgendem Fehler beendet: 
Das Endpunktformat ist unzulässig.

Error: (06/07/2017 05:17:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (06/07/2017 05:16:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEE8C9I)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/07/2017 04:38:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/07/2017 12:28:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2017-06-08 09:45:28.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.566
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:27.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:08.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.

  Date: 2017-06-08 09:45:04.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 8150.18 MB
Verfügbarer physikalischer RAM: 5456.92 MB
Summe virtueller Speicher: 9430.18 MB
Verfügbarer virtueller Speicher: 5578.75 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:116.72 GB) (Free:72.18 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:393.43 GB) NTFS
Drive g: (MAXTOR) (Fixed) (Total:465.76 GB) (Free:313.28 GB) NTFS
Drive h: (TREKSTOR) (Fixed) (Total:596.17 GB) (Free:19.12 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 117.4 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBCA1A5A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 1FCD3B71)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 596.2 GB) (Disk ID: 000C3041)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

08.06.2017, 16:18   #10
uxel

and TDSSKiller, with no findings:
Code:
16:10:31.0663 0x425c  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
16:10:31.0663 0x425c  UEFI system
16:11:37.0882 0x425c  ============================================================
16:11:37.0882 0x425c  Current date / time: 2017/06/08 16:11:37.0882
16:11:37.0882 0x425c  SystemInfo:
16:11:37.0882 0x425c  
16:11:37.0882 0x425c  OS Version: 10.0.15063 ServicePack: 0.0
16:11:37.0882 0x425c  Product type: Workstation
16:11:37.0882 0x425c  ComputerName: DESKTOP-NEE8C9I
16:11:37.0883 0x425c  UserName: axelk
16:11:37.0883 0x425c  Windows directory: C:\WINDOWS
16:11:37.0883 0x425c  System windows directory: C:\WINDOWS
16:11:37.0883 0x425c  Running under WOW64
16:11:37.0883 0x425c  Processor architecture: Intel x64
16:11:37.0883 0x425c  Number of processors: 8
16:11:37.0883 0x425c  Page size: 0x1000
16:11:37.0883 0x425c  Boot type: Normal boot
16:11:37.0883 0x425c  CodeIntegrityOptions = 0x00000001
16:11:37.0883 0x425c  ============================================================
16:11:37.0994 0x425c  KLMD registered as C:\WINDOWS\system32\drivers\88224233.sys
16:11:37.0994 0x425c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19
16:11:38.0088 0x425c  System UUID: {486AD69C-ECB4-9D27-F5DD-EEF6199E5781}
16:11:38.0506 0x425c  Drive \Device\Harddisk0\DR0 - Size: 0x1D5849E000 ( 117.38 Gb ), SectorSize: 0x200, Cylinders: 0x3BDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:11:38.0531 0x425c  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:11:38.0538 0x425c  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:11:38.0548 0x425c  Drive \Device\Harddisk3\DR3 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:11:39.0036 0x425c  ============================================================
16:11:39.0036 0x425c  \Device\Harddisk0\DR0:
16:11:39.0036 0x425c  GPT partitions:
16:11:39.0037 0x425c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AF873563-F0A6-4FB6-9E59-993E504B6DFC}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
16:11:39.0037 0x425c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F784AABF-FC0A-4FE5-B76E-B9DB70A3ECE3}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
16:11:39.0037 0x425c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {71596DC4-BC1E-4FF8-B8B3-26AB4AC0149A}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xE96E4CF
16:11:39.0037 0x425c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BBB0E218-70A4-49BC-886C-A6A9BC02B9E8}, Name: , StartLBA 0xE9E1000, BlocksNum 0xE1000
16:11:39.0037 0x425c  MBR partitions:
16:11:39.0037 0x425c  \Device\Harddisk1\DR1:
16:11:39.0037 0x425c  MBR partitions:
16:11:39.0037 0x425c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:11:39.0037 0x425c  \Device\Harddisk2\DR2:
16:11:39.0046 0x425c  MBR partitions:
16:11:39.0046 0x425c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:11:39.0046 0x425c  \Device\Harddisk3\DR3:
16:11:39.0046 0x425c  MBR partitions:
16:11:39.0046 0x425c  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
16:11:39.0046 0x425c  ============================================================
16:11:39.0050 0x425c  C: <-> \Device\Harddisk0\DR0\Partition3
16:11:39.0077 0x425c  D: <-> \Device\Harddisk1\DR1\Partition1
16:11:39.0096 0x425c  G: <-> \Device\Harddisk2\DR2\Partition1
16:11:39.0113 0x425c  H: <-> \Device\Harddisk3\DR3\Partition1
16:11:39.0113 0x425c  ============================================================
16:11:39.0113 0x425c  Initialize success
16:11:39.0113 0x425c  ============================================================
16:12:14.0491 0x1fe0  ============================================================
16:12:14.0491 0x1fe0  Scan started
16:12:14.0491 0x1fe0  Mode: Manual; 
16:12:14.0491 0x1fe0  ============================================================
16:12:14.0491 0x1fe0  KSN ping started
16:12:14.0548 0x1fe0  KSN ping finished: true
16:12:15.0726 0x1fe0  ================ Scan system memory ========================
16:12:15.0726 0x1fe0  System memory - ok
16:12:15.0727 0x1fe0  ================ Scan services =============================
16:12:15.0778 0x1fe0  1394ohci - ok
16:12:15.0781 0x1fe0  3ware - ok
16:12:15.0785 0x1fe0  ACPI - ok
16:12:15.0787 0x1fe0  AcpiDev - ok
16:12:15.0791 0x1fe0  acpiex - ok
16:12:15.0794 0x1fe0  acpipagr - ok
16:12:15.0797 0x1fe0  AcpiPmi - ok
16:12:15.0800 0x1fe0  acpitime - ok
16:12:15.0808 0x1fe0  [ 8D6BA8E7676038A27FD4ECF12CC744B0, F5D59B764DCB4A06A51939533DC7B2391FD68E3979C48939C023A60DCE0D2101 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:12:15.0810 0x1fe0  AdobeARMservice - ok
16:12:15.0843 0x1fe0  [ E6A1D864EC90F4397DF5AB2633B34DD4, 05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:12:15.0847 0x1fe0  AdobeFlashPlayerUpdateSvc - ok
16:12:15.0853 0x1fe0  ADP80XX - ok
16:12:15.0857 0x1fe0  AFD - ok
16:12:15.0907 0x1fe0  [ 078B785A7533B7059A236017B3B060A4, 43B3E716009136A5A5A86BF8546DE6C416CA3B7F8EEC242D9D44EF12111B7A6E ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
16:12:15.0938 0x1fe0  AGSService - ok
16:12:15.0944 0x1fe0  ahcache - ok
16:12:15.0948 0x1fe0  AJRouter - ok
16:12:15.0951 0x1fe0  ALG - ok
16:12:15.0953 0x1fe0  AmdK8 - ok
16:12:15.0957 0x1fe0  AmdPPM - ok
16:12:15.0960 0x1fe0  amdsata - ok
16:12:15.0963 0x1fe0  amdsbs - ok
16:12:15.0967 0x1fe0  amdxata - ok
16:12:15.0970 0x1fe0  AppID - ok
16:12:15.0973 0x1fe0  AppIDSvc - ok
16:12:15.0976 0x1fe0  Appinfo - ok
16:12:15.0979 0x1fe0  applockerfltr - ok
16:12:15.0983 0x1fe0  AppMgmt - ok
16:12:15.0986 0x1fe0  AppReadiness - ok
16:12:15.0989 0x1fe0  AppVClient - ok
16:12:15.0992 0x1fe0  AppvStrm - ok
16:12:15.0996 0x1fe0  AppvVemgr - ok
16:12:15.0999 0x1fe0  AppvVfs - ok
16:12:16.0003 0x1fe0  AppXSvc - ok
16:12:16.0005 0x1fe0  arcsas - ok
16:12:16.0253 0x1fe0  [ A760C2AFBA1A71E0F7310A6E900CB0E4, 3827C8D4DFC3FC850E9BD049E1B127BD1076DDEFDA19BBA9445FF201F6AE99F8 ] aswbIDSAgent    D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
16:12:16.0358 0x1fe0  aswbIDSAgent - ok
16:12:16.0376 0x1fe0  [ 0C19C91ED99964925FF8B05C23743AB1, BF513CCC0E5D2D2CE7D06F17ABC34CD3A55B59588267A5868ADFB723454AF6EB ] aswbidsdriver   C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
16:12:16.0381 0x1fe0  aswbidsdriver - ok
16:12:16.0389 0x1fe0  [ 670839F4BA6D82F3035AADFE8274F02E, E4E8B1F3B9138CB2600158CC8507CBA31637E48BBA4D67398E05970B2CECA671 ] aswbidsh        C:\WINDOWS\system32\drivers\aswbidsha.sys
16:12:16.0392 0x1fe0  aswbidsh - ok
16:12:16.0402 0x1fe0  [ 5C561968CF601D76A98692DCC8CF74ED, 26D0F34CE4485A813200032CE6889575A13196E79A4B124DD19E4584B0C102DC ] aswblog         C:\WINDOWS\system32\drivers\aswbloga.sys
16:12:16.0407 0x1fe0  aswblog - ok
16:12:16.0412 0x1fe0  [ 335E5F19E7397A283B7ED20FE7B369EB, 6A31ABA0BA671EA796E8920EBD64DB28D3D7EB65C4FF68C3EB1DEF4FFC002163 ] aswbuniv        C:\WINDOWS\system32\drivers\aswbuniva.sys
16:12:16.0413 0x1fe0  aswbuniv - ok
16:12:16.0418 0x1fe0  [ BA02CA77D989710F79FD662019C4DF94, 2E989847BEE92EB8DE7492DE7AB9B4658CEFC38E678346B7548E6ECB528300D6 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
16:12:16.0419 0x1fe0  aswHwid - ok
16:12:16.0424 0x1fe0  [ 5E6FD2CB74138C6AF591779D2619BD6C, 7410384AE4280156451EB1EAC5CBA9E44834C49BD5A31049339895D5994AEF4E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
16:12:16.0425 0x1fe0  aswKbd - ok
16:12:16.0430 0x1fe0  [ 2B1490F2F1CC76C9C9B61CE63D6E7973, BFD456C598E74974B81453805ADD0792BD9636BF8213306F40029560B20DE036 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:12:16.0432 0x1fe0  aswMonFlt - ok
16:12:16.0438 0x1fe0  [ F26D1F761E14789743275FA5D258EAB8, D532AD4DFFC73BE8A889B75BB50D33FFF674B5AB31F05AA75D9E0667363057F1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
16:12:16.0440 0x1fe0  aswRdr - ok
16:12:16.0445 0x1fe0  [ C1007774450CFAB19D784D50C3410FC7, 2752FD77412D54D78A81DED9F05F094E589BCA5E360ECD420E28ECC844D35921 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
16:12:16.0447 0x1fe0  aswRvrt - ok
16:12:16.0469 0x1fe0  [ EB1991686949400C51B8C21CE013621E, 248545BDD5E8D1BD2D752AF7D3B77E8F1EA6453FD3B007851A04E9B634966448 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
16:12:16.0483 0x1fe0  aswSnx - ok
16:12:16.0498 0x1fe0  [ 7A17BD26C74F5329CB1DF029AE4DD357, 31F98B74F6BC2D75BDC83E3E2E60C9541D57912B6DF2C8A9241F3CFB17E0ACBB ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
16:12:16.0506 0x1fe0  aswSP - ok
16:12:16.0513 0x1fe0  [ 2933CBC7643168E4288D443B4125941C, 19DF1EB9F3EBF2496633D8D789E56EC8A59CF664ECC12A6BF69045BC2BC6CF48 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
16:12:16.0516 0x1fe0  aswStm - ok
16:12:16.0527 0x1fe0  [ E76C21203E29F2DCC489EF585E0B1A38, F64B8F5F2EFA10ADD64DE0574ADDE05DF1DFDEACF0E72879C9DD6DEB037E01A3 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
16:12:16.0532 0x1fe0  aswVmm - ok
16:12:16.0537 0x1fe0  AsyncMac - ok
16:12:16.0541 0x1fe0  atapi - ok
16:12:16.0544 0x1fe0  AudioEndpointBuilder - ok
16:12:16.0546 0x1fe0  Audiosrv - ok
16:12:16.0577 0x1fe0  [ D961A7C05A76302E782B1B0CF6546BA7, DAE7481B4FFC0746944213D10EF59C21BBA9937138D660E72E63F43BCDC1F799 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:12:16.0581 0x1fe0  avast! Antivirus - ok
16:12:16.0586 0x1fe0  AxInstSV - ok
16:12:16.0588 0x1fe0  b06bdrv - ok
16:12:16.0591 0x1fe0  BasicDisplay - ok
16:12:16.0594 0x1fe0  BasicRender - ok
16:12:16.0600 0x1fe0  bcmfn2 - ok
16:12:16.0602 0x1fe0  BDESVC - ok
16:12:16.0605 0x1fe0  Beep - ok
16:12:16.0608 0x1fe0  BFE - ok
16:12:16.0612 0x1fe0  BITS - ok
16:12:16.0614 0x1fe0  bowser - ok
16:12:16.0617 0x1fe0  BrokerInfrastructure - ok
16:12:16.0621 0x1fe0  Browser - ok
16:12:16.0624 0x1fe0  BthAvrcpTg - ok
16:12:16.0627 0x1fe0  BthHFEnum - ok
16:12:16.0630 0x1fe0  bthhfhid - ok
16:12:16.0633 0x1fe0  BthHFSrv - ok
16:12:16.0635 0x1fe0  BTHMODEM - ok
16:12:16.0640 0x1fe0  bthserv - ok
16:12:16.0643 0x1fe0  buttonconverter - ok
16:12:16.0647 0x1fe0  CAD - ok
16:12:16.0650 0x1fe0  CapImg - ok
16:12:16.0652 0x1fe0  cdfs - ok
16:12:16.0655 0x1fe0  CDPSvc - ok
16:12:16.0657 0x1fe0  CDPUserSvc - ok
16:12:16.0666 0x1fe0  cdrom - ok
16:12:16.0669 0x1fe0  CertPropSvc - ok
16:12:16.0672 0x1fe0  cht4iscsi - ok
16:12:16.0674 0x1fe0  cht4vbd - ok
16:12:16.0678 0x1fe0  circlass - ok
16:12:16.0681 0x1fe0  CldFlt - ok
16:12:16.0684 0x1fe0  CLFS - ok
16:12:16.0687 0x1fe0  ClipSVC - ok
16:12:16.0690 0x1fe0  clreg - ok
16:12:16.0695 0x1fe0  CmBatt - ok
16:12:16.0697 0x1fe0  CNG - ok
16:12:16.0701 0x1fe0  cnghwassist - ok
16:12:16.0717 0x1fe0  CompositeBus - ok
16:12:16.0721 0x1fe0  COMSysApp - ok
16:12:16.0724 0x1fe0  condrv - ok
16:12:16.0727 0x1fe0  CoreMessagingRegistrar - ok
16:12:16.0732 0x1fe0  CryptSvc - ok
16:12:16.0735 0x1fe0  CSC - ok
16:12:16.0738 0x1fe0  CscService - ok
16:12:16.0741 0x1fe0  dam - ok
16:12:16.0746 0x1fe0  DcomLaunch - ok
16:12:16.0749 0x1fe0  defragsvc - ok
16:12:16.0752 0x1fe0  DeviceAssociationService - ok
16:12:16.0754 0x1fe0  DeviceInstall - ok
16:12:16.0757 0x1fe0  DevicesFlowUserSvc - ok
16:12:16.0763 0x1fe0  DevQueryBroker - ok
16:12:16.0766 0x1fe0  Dfsc - ok
16:12:16.0768 0x1fe0  Dhcp - ok
16:12:16.0772 0x1fe0  diagnosticshub.standardcollector.service - ok
16:12:16.0775 0x1fe0  DiagTrack - ok
16:12:16.0778 0x1fe0  Disk - ok
16:12:16.0782 0x1fe0  DmEnrollmentSvc - ok
16:12:16.0785 0x1fe0  dmvsc - ok
16:12:16.0788 0x1fe0  dmwappushservice - ok
16:12:16.0791 0x1fe0  Dnscache - ok
16:12:16.0795 0x1fe0  dot3svc - ok
16:12:16.0802 0x1fe0  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:12:16.0805 0x1fe0  dot4 - ok
16:12:16.0809 0x1fe0  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
16:12:16.0809 0x1fe0  Dot4Print - ok
16:12:16.0814 0x1fe0  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:12:16.0815 0x1fe0  dot4usb - ok
16:12:16.0819 0x1fe0  DPS - ok
16:12:16.0822 0x1fe0  drmkaud - ok
16:12:16.0825 0x1fe0  DsmSvc - ok
16:12:16.0828 0x1fe0  DsSvc - ok
16:12:16.0830 0x1fe0  DusmSvc - ok
16:12:16.0833 0x1fe0  DXGKrnl - ok
16:12:16.0836 0x1fe0  EapHost - ok
16:12:16.0839 0x1fe0  ebdrv - ok
16:12:16.0842 0x1fe0  EFS - ok
16:12:16.0845 0x1fe0  EhStorClass - ok
16:12:16.0848 0x1fe0  EhStorTcgDrv - ok
16:12:16.0851 0x1fe0  embeddedmode - ok
16:12:16.0853 0x1fe0  EntAppSvc - ok
16:12:16.0856 0x1fe0  ErrDev - ok
16:12:16.0863 0x1fe0  EventSystem - ok
16:12:16.0866 0x1fe0  exfat - ok
16:12:16.0868 0x1fe0  fastfat - ok
16:12:16.0871 0x1fe0  Fax - ok
16:12:16.0929 0x1fe0  [ 3FB162167962F3AB2934F7952D10081C, C70AD64EC3D76F7C3630DD95851D56A6DC35A741C55143F4B07D146A074F84B3 ] FA_Scheduler    D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
16:12:16.0931 0x1fe0  FA_Scheduler - ok
16:12:16.0934 0x1fe0  fdc - ok
16:12:16.0938 0x1fe0  fdPHost - ok
16:12:16.0941 0x1fe0  FDResPub - ok
16:12:16.0944 0x1fe0  fhsvc - ok
16:12:16.0947 0x1fe0  FileCrypt - ok
16:12:16.0951 0x1fe0  FileInfo - ok
16:12:16.0954 0x1fe0  Filetrace - ok
16:12:16.0957 0x1fe0  flpydisk - ok
16:12:16.0961 0x1fe0  FltMgr - ok
16:12:16.0964 0x1fe0  FontCache - ok
16:12:16.0968 0x1fe0  [ 439F6B3617F4EB31978FF5F625D5CCB1, 0D75048C93222550409E58338909EBECC1589170430CD101D829003A798F7BDA ] fortiapd        C:\WINDOWS\system32\drivers\fortiapd.sys
16:12:16.0969 0x1fe0  fortiapd - ok
16:12:16.0973 0x1fe0  [ 56077470FFF7BC072384D14AA95254DA, 038969FB67EF2C78D2818AFCCD27137370DD04BF8F6AD427F949782EA4049FCD ] FortiFilter     C:\WINDOWS\system32\DRIVERS\FortiFilter.sys
16:12:16.0975 0x1fe0  FortiFilter - ok
16:12:16.0979 0x1fe0  [ 2C5377EEF5AAAA0A1BB52B8E257C567D, D01052597DD14C1BDAB00084A8AFDE496152E0F6B4CF08DB93AD39A7F67F4D72 ] FortiFW         C:\WINDOWS\system32\drivers\FortiFW2.sys
16:12:16.0980 0x1fe0  FortiFW - ok
16:12:16.0986 0x1fe0  [ E277011610D0ED77C353E66B80FB6CED, 3844155BE7EEC3FB9E8F66959DEFAE1D00AEE8B41939397DECADA7D4B8EEDEE1 ] Fortips         C:\WINDOWS\system32\drivers\fortips.sys
16:12:16.0989 0x1fe0  Fortips - ok
16:12:16.0995 0x1fe0  [ 2191EF19F37918A9F42A193D2FCE4DCD, 2E23DD1D34BF3C493F565BBED0022E450C8B721CB8FFC815CC0BD7417C7E7C21 ] fortisniff      C:\WINDOWS\system32\drivers\fortisniff2.sys
16:12:16.0997 0x1fe0  fortisniff - ok
16:12:17.0001 0x1fe0  FrameServer - ok
16:12:17.0004 0x1fe0  FsDepends - ok
16:12:17.0007 0x1fe0  Fs_Rec - ok
16:12:17.0012 0x1fe0  [ 9000B3C397FFC56FD8CAB3CC1D517879, 3735CBA84F6C3568A82745FD89B66ECE95BC805BF8FAB573FAC6090ADDE76406 ] ft_vnic         C:\WINDOWS\System32\drivers\ftvnic.sys
16:12:17.0013 0x1fe0  ft_vnic - ok
16:12:17.0017 0x1fe0  fvevol - ok
16:12:17.0021 0x1fe0  gencounter - ok
16:12:17.0025 0x1fe0  genericusbfn - ok
16:12:17.0028 0x1fe0  [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt           C:\WINDOWS\System32\drivers\ggflt.sys
16:12:17.0029 0x1fe0  ggflt - ok
16:12:17.0033 0x1fe0  [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc          C:\WINDOWS\System32\drivers\ggsomc.sys
16:12:17.0034 0x1fe0  ggsomc - ok
16:12:17.0037 0x1fe0  GPIOClx0101 - ok
16:12:17.0041 0x1fe0  gpsvc - ok
16:12:17.0044 0x1fe0  GpuEnergyDrv - ok
16:12:17.0049 0x1fe0  HDAudBus - ok
16:12:17.0051 0x1fe0  HidBatt - ok
16:12:17.0054 0x1fe0  HidBth - ok
16:12:17.0059 0x1fe0  hidi2c - ok
16:12:17.0061 0x1fe0  hidinterrupt - ok
16:12:17.0065 0x1fe0  HidIr - ok
16:12:17.0068 0x1fe0  hidserv - ok
16:12:17.0070 0x1fe0  HidUsb - ok
16:12:17.0074 0x1fe0  HomeGroupListener - ok
16:12:17.0079 0x1fe0  HomeGroupProvider - ok
16:12:17.0150 0x1fe0  [ 930370725FA0FE272346583A7A7D6BDB, 98195638D548A6E5E574E062FDCF4E5833DDE834399787EC51C340699B6E5E64 ] hpqcxs08        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:12:17.0154 0x1fe0  hpqcxs08 - ok
16:12:17.0172 0x1fe0  [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:12:17.0175 0x1fe0  hpqddsvc - ok
16:12:17.0178 0x1fe0  HpSAMD - ok
16:12:17.0181 0x1fe0  HTTP - ok
16:12:17.0185 0x1fe0  HvHost - ok
16:12:17.0188 0x1fe0  hvservice - ok
16:12:17.0190 0x1fe0  hwpolicy - ok
16:12:17.0193 0x1fe0  hyperkbd - ok
16:12:17.0197 0x1fe0  i8042prt - ok
16:12:17.0200 0x1fe0  iagpio - ok
16:12:17.0203 0x1fe0  iai2c - ok
16:12:17.0207 0x1fe0  iaLPSS2i_GPIO2 - ok
16:12:17.0210 0x1fe0  iaLPSS2i_GPIO2_BXT_P - ok
16:12:17.0213 0x1fe0  iaLPSS2i_I2C - ok
16:12:17.0216 0x1fe0  iaLPSS2i_I2C_BXT_P - ok
16:12:17.0220 0x1fe0  iaLPSSi_GPIO - ok
16:12:17.0223 0x1fe0  iaLPSSi_I2C - ok
16:12:17.0226 0x1fe0  iaStorAV - ok
16:12:17.0229 0x1fe0  iaStorV - ok
16:12:17.0232 0x1fe0  ibbus - ok
16:12:17.0236 0x1fe0  icssvc - ok
16:12:17.0239 0x1fe0  IKEEXT - ok
16:12:17.0242 0x1fe0  IndirectKmd - ok
16:12:17.0247 0x1fe0  intelide - ok
16:12:17.0249 0x1fe0  intelpep - ok
16:12:17.0252 0x1fe0  intelppm - ok
16:12:17.0289 0x1fe0  [ CD6FE4D2E29D70D9E2AA587DE5978A15, 03BA3338E0178FCB6FC7792FE4BB2B836CEA8B791D53DD4E273AB48621397DC5 ] IObitUnSvr      D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
16:12:17.0295 0x1fe0  IObitUnSvr - ok
16:12:17.0298 0x1fe0  iorate - ok
16:12:17.0301 0x1fe0  IpFilterDriver - ok
16:12:17.0305 0x1fe0  iphlpsvc - ok
16:12:17.0307 0x1fe0  IPMIDRV - ok
16:12:17.0310 0x1fe0  IPNAT - ok
16:12:17.0314 0x1fe0  IpxlatCfgSvc - ok
16:12:17.0316 0x1fe0  irda - ok
16:12:17.0320 0x1fe0  IRENUM - ok
16:12:17.0324 0x1fe0  irmon - ok
16:12:17.0327 0x1fe0  isapnp - ok
16:12:17.0330 0x1fe0  iScsiPrt - ok
16:12:17.0333 0x1fe0  kbdclass - ok
16:12:17.0336 0x1fe0  kbdhid - ok
16:12:17.0339 0x1fe0  kdnic - ok
16:12:17.0342 0x1fe0  KeyIso - ok
16:12:17.0346 0x1fe0  [ 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE ] KMS-R@1n        C:\Windows\KMS-R@1n.exe
16:12:17.0347 0x1fe0  KMS-R@1n - ok
16:12:17.0349 0x1fe0  KSecDD - ok
16:12:17.0352 0x1fe0  KSecPkg - ok
16:12:17.0355 0x1fe0  ksthunk - ok
16:12:17.0358 0x1fe0  KtmRm - ok
16:12:17.0365 0x1fe0  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\WINDOWS\System32\drivers\L1C63x64.sys
16:12:17.0368 0x1fe0  L1C - ok
16:12:17.0371 0x1fe0  LanmanServer - ok
16:12:17.0376 0x1fe0  LanmanWorkstation - ok
16:12:17.0381 0x1fe0  lfsvc - ok
16:12:17.0385 0x1fe0  [ 16E18CED459B1824234890386EE66CD5, 8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989 ] libusb0         C:\WINDOWS\system32\DRIVERS\libusb0.sys
16:12:17.0386 0x1fe0  libusb0 - ok
16:12:17.0391 0x1fe0  LicenseManager - ok
16:12:17.0395 0x1fe0  lltdio - ok
16:12:17.0400 0x1fe0  lltdsvc - ok
16:12:17.0405 0x1fe0  lmhosts - ok
16:12:17.0411 0x1fe0  LSI_SAS - ok
16:12:17.0414 0x1fe0  LSI_SAS2i - ok
16:12:17.0417 0x1fe0  LSI_SAS3i - ok
16:12:17.0422 0x1fe0  LSI_SSS - ok
16:12:17.0425 0x1fe0  LSM - ok
16:12:17.0428 0x1fe0  luafv - ok
16:12:17.0432 0x1fe0  MapsBroker - ok
16:12:17.0435 0x1fe0  mausbhost - ok
16:12:17.0438 0x1fe0  mausbip - ok
16:12:17.0578 0x1fe0  [ D76E56108E6482905D3FAEA0649919E4, E10285889570A01E544B027F4A17BA7242E5E3EF93D20A19B05091DB237C6DD1 ] MBAMService     D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
16:12:17.0642 0x1fe0  MBAMService - ok
16:12:17.0656 0x1fe0  [ 913F4230E29E312D1B4B02E2BAC67C87, 5C772DA7F2454CAFEA981E18ABCE717FE0D065EE996FB758817F3EF775B0AC14 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
16:12:17.0660 0x1fe0  MBAMSwissArmy - ok
16:12:17.0663 0x1fe0  megasas - ok
16:12:17.0666 0x1fe0  megasas2i - ok
16:12:17.0669 0x1fe0  megasr - ok
16:12:17.0677 0x1fe0  [ 6D1671CB2E5402F01D2F13ECF764CAA1, 4778630F602FE8F9B9112DC5BB7A179632000D10D80C28E93711404108FCC6E0 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
16:12:17.0681 0x1fe0  MEIx64 - ok
16:12:17.0685 0x1fe0  MessagingService - ok
16:12:17.0689 0x1fe0  mlx4_bus - ok
16:12:17.0692 0x1fe0  MMCSS - ok
16:12:17.0694 0x1fe0  Modem - ok
16:12:17.0698 0x1fe0  monitor - ok
16:12:17.0701 0x1fe0  mouclass - ok
16:12:17.0704 0x1fe0  mouhid - ok
16:12:17.0706 0x1fe0  mountmgr - ok
16:12:17.0715 0x1fe0  [ F7D0E1DDA812C25EE003070835706963, C293053B2B3B85F694B92DFE80E166726BE002FC7B3C5EBF3573980B64D1B097 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:12:17.0718 0x1fe0  MozillaMaintenance - ok
16:12:17.0722 0x1fe0  mpsdrv - ok
16:12:17.0725 0x1fe0  MpsSvc - ok
16:12:17.0728 0x1fe0  MRxDAV - ok
16:12:17.0731 0x1fe0  mrxsmb - ok
16:12:17.0735 0x1fe0  mrxsmb10 - ok
16:12:17.0737 0x1fe0  mrxsmb20 - ok
16:12:17.0741 0x1fe0  MsBridge - ok
16:12:17.0745 0x1fe0  MSDTC - ok
16:12:17.0748 0x1fe0  Msfs - ok
16:12:17.0751 0x1fe0  msgpiowin32 - ok
16:12:17.0754 0x1fe0  mshidkmdf - ok
16:12:17.0757 0x1fe0  mshidumdf - ok
16:12:17.0760 0x1fe0  msisadrv - ok
16:12:17.0763 0x1fe0  MSiSCSI - ok
16:12:17.0766 0x1fe0  msiserver - ok
16:12:17.0769 0x1fe0  MSKSSRV - ok
16:12:17.0772 0x1fe0  MsLldp - ok
16:12:17.0775 0x1fe0  MSPCLOCK - ok
16:12:17.0779 0x1fe0  MSPQM - ok
16:12:17.0782 0x1fe0  MsRPC - ok
16:12:17.0786 0x1fe0  MsSecFlt - ok
16:12:17.0790 0x1fe0  mssmbios - ok
16:12:17.0795 0x1fe0  MSTEE - ok
16:12:17.0798 0x1fe0  MTConfig - ok
16:12:17.0801 0x1fe0  Mup - ok
16:12:17.0804 0x1fe0  mvumis - ok
16:12:17.0809 0x1fe0  NativeWifiP - ok
16:12:17.0812 0x1fe0  NaturalAuthentication - ok
16:12:17.0814 0x1fe0  NcaSvc - ok
16:12:17.0817 0x1fe0  NcbService - ok
16:12:17.0820 0x1fe0  NcdAutoSetup - ok
16:12:17.0824 0x1fe0  ndfltr - ok
16:12:17.0828 0x1fe0  NDIS - ok
16:12:17.0832 0x1fe0  NdisCap - ok
16:12:17.0835 0x1fe0  NdisImPlatform - ok
16:12:17.0837 0x1fe0  NdisTapi - ok
16:12:17.0841 0x1fe0  Ndisuio - ok
16:12:17.0847 0x1fe0  NdisVirtualBus - ok
16:12:17.0851 0x1fe0  NdisWan - ok
16:12:17.0854 0x1fe0  ndiswanlegacy - ok
16:12:17.0857 0x1fe0  ndproxy - ok
16:12:17.0861 0x1fe0  Ndu - ok
16:12:17.0867 0x1fe0  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
16:12:17.0872 0x1fe0  Net Driver HPZ12 - ok
16:12:17.0875 0x1fe0  NetAdapterCx - ok
16:12:17.0878 0x1fe0  NetBIOS - ok
16:12:17.0882 0x1fe0  NetBT - ok
16:12:17.0885 0x1fe0  Netlogon - ok
16:12:17.0888 0x1fe0  Netman - ok
16:12:17.0891 0x1fe0  netprofm - ok
16:12:17.0894 0x1fe0  NetSetupSvc - ok
16:12:17.0902 0x1fe0  NetTcpPortSharing - ok
16:12:17.0906 0x1fe0  netvsc - ok
16:12:17.0912 0x1fe0  NgcCtnrSvc - ok
16:12:17.0915 0x1fe0  NgcSvc - ok
16:12:17.0918 0x1fe0  NlaSvc - ok
16:12:17.0922 0x1fe0  Npfs - ok
16:12:17.0925 0x1fe0  npsvctrig - ok
16:12:17.0929 0x1fe0  nsi - ok
16:12:17.0933 0x1fe0  nsiproxy - ok
16:12:17.0937 0x1fe0  NTFS - ok
16:12:17.0940 0x1fe0  Null - ok
16:12:17.0943 0x1fe0  nvdimmn - ok
16:12:17.0953 0x1fe0  [ 6E256C42FD27FADEA9BDD2E98CB53FE4, 8E2BDADFCC4B0C7208E937462DDF9CD9810E1B66375BD22F26C5D94376BDEC44 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
16:12:17.0957 0x1fe0  NVHDA - ok
16:12:18.0238 0x1fe0  [ BD000446F0B4FA1E87E7D10356C49564, 95F495549F35FFD64D3132D46923D1502C10AC77E7031EE1DE629E218EC584E0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
16:12:18.0441 0x1fe0  nvlddmkm - ok
16:12:18.0458 0x1fe0  nvraid - ok
16:12:18.0462 0x1fe0  nvstor - ok
16:12:18.0465 0x1fe0  OneSyncSvc - ok
16:12:18.0549 0x1fe0  [ 4FF47A8FEE5906C7243405F51E452614, 9DB7DD43BB8DA0487CE79241E226697F3F9726EA4A291722FD4B532C081092E6 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe
16:12:18.0579 0x1fe0  Origin Client Service - ok
16:12:18.0659 0x1fe0  [ CA0B62365F8189BC478DEDC3B6BC1E18, 3FBF94CD20F286D66A7CFE760191704123D26D8D5FAEE3C9F8F93E8AEDF13B41 ] Origin Web Helper Service D:\Program Files (x86)\Origin\OriginWebHelperService.exe
16:12:18.0696 0x1fe0  Origin Web Helper Service - ok
16:12:18.0729 0x1fe0  [ 1FA09B19F725F0A0EA41F99DE7A9B18B, 24E9DF5883A5C373E6A92A9726F38FA83C4EA501471A6432F52A9533A1C53321 ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
16:12:18.0748 0x1fe0  OverwolfUpdater - ok
16:12:18.0753 0x1fe0  p2pimsvc - ok
16:12:18.0756 0x1fe0  p2psvc - ok
16:12:18.0760 0x1fe0  Parport - ok
16:12:18.0764 0x1fe0  partmgr - ok
16:12:18.0769 0x1fe0  PcaSvc - ok
16:12:18.0772 0x1fe0  pci - ok
16:12:18.0775 0x1fe0  pciide - ok
16:12:18.0779 0x1fe0  pcmcia - ok
16:12:18.0783 0x1fe0  pcw - ok
16:12:18.0786 0x1fe0  pdc - ok
16:12:18.0789 0x1fe0  PEAUTH - ok
16:12:18.0792 0x1fe0  PeerDistSvc - ok
16:12:18.0795 0x1fe0  percsas2i - ok
16:12:18.0799 0x1fe0  percsas3i - ok
16:12:18.0819 0x1fe0  PerfHost - ok
16:12:18.0828 0x1fe0  PhoneSvc - ok
16:12:18.0832 0x1fe0  PimIndexMaintenanceSvc - ok
16:12:18.0837 0x1fe0  pla - ok
16:12:18.0841 0x1fe0  PlugPlay - ok
16:12:18.0843 0x1fe0  pmem - ok
16:12:18.0849 0x1fe0  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
16:12:18.0854 0x1fe0  Pml Driver HPZ12 - ok
16:12:18.0858 0x1fe0  PNRPAutoReg - ok
16:12:18.0861 0x1fe0  PNRPsvc - ok
16:12:18.0865 0x1fe0  PolicyAgent - ok
16:12:18.0869 0x1fe0  Power - ok
16:12:18.0874 0x1fe0  [ ED29F9D445957946D6A62E3F65B9D98E, 4786047C45B272479DCB957BD2DF6D82B366EC3A13E745AA7784DCE944147472 ] pppop           C:\WINDOWS\System32\drivers\pppop64.sys
16:12:18.0876 0x1fe0  pppop - ok
16:12:18.0880 0x1fe0  PptpMiniport - ok
16:12:18.0933 0x1fe0  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
16:12:18.0973 0x1fe0  PrintNotify - ok
16:12:18.0980 0x1fe0  Processor - ok
16:12:18.0983 0x1fe0  ProfSvc - ok
16:12:18.0985 0x1fe0  Psched - ok
16:12:18.0989 0x1fe0  QWAVE - ok
16:12:18.0993 0x1fe0  QWAVEdrv - ok
16:12:18.0996 0x1fe0  RasAcd - ok
16:12:18.0999 0x1fe0  RasAgileVpn - ok
16:12:19.0003 0x1fe0  RasAuto - ok
16:12:19.0006 0x1fe0  Rasl2tp - ok
16:12:19.0013 0x1fe0  RasMan - ok
16:12:19.0016 0x1fe0  RasPppoe - ok
16:12:19.0019 0x1fe0  RasSstp - ok
16:12:19.0023 0x1fe0  rdbss - ok
16:12:19.0029 0x1fe0  rdpbus - ok
16:12:19.0032 0x1fe0  RDPDR - ok
16:12:19.0037 0x1fe0  RdpVideoMiniport - ok
16:12:19.0041 0x1fe0  rdyboost - ok
16:12:19.0044 0x1fe0  ReFS - ok
16:12:19.0048 0x1fe0  ReFSv1 - ok
16:12:19.0052 0x1fe0  RemoteAccess - ok
16:12:19.0055 0x1fe0  RemoteRegistry - ok
16:12:19.0058 0x1fe0  RetailDemo - ok
16:12:19.0061 0x1fe0  RmSvc - ok
16:12:19.0064 0x1fe0  RpcEptMapper - ok
16:12:19.0067 0x1fe0  RpcLocator - ok
16:12:19.0070 0x1fe0  RpcSs - ok
16:12:19.0072 0x1fe0  rspndr - ok
16:12:19.0078 0x1fe0  [ 38BC2EA9A3F77372AE1AE1A022AE1826, CCBCEC24535404FA8B7750F7A1F7DB5F422DC8EC77C6B877B1D2FBE283AE47E5 ] RTL2831UBDA     C:\WINDOWS\system32\drivers\RTL2831UBDA.sys
16:12:19.0081 0x1fe0  RTL2831UBDA - ok
16:12:19.0086 0x1fe0  [ 6D33D376247D88AD0CAAEC40AC2E44D0, 9773D77EABF549D0913EDC10EA6D6CE0BB8CA209721A3896672AF93F97A91665 ] RTL2831UUSB     C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys
16:12:19.0087 0x1fe0  RTL2831UUSB - ok
16:12:19.0091 0x1fe0  s3cap - ok
16:12:19.0094 0x1fe0  SamSs - ok
16:12:19.0097 0x1fe0  sbp2port - ok
16:12:19.0100 0x1fe0  SCardSvr - ok
16:12:19.0103 0x1fe0  ScDeviceEnum - ok
16:12:19.0106 0x1fe0  scfilter - ok
16:12:19.0109 0x1fe0  Schedule - ok
16:12:19.0112 0x1fe0  scmbus - ok
16:12:19.0115 0x1fe0  SCPolicySvc - ok
16:12:19.0119 0x1fe0  sdbus - ok
16:12:19.0122 0x1fe0  SDFRd - ok
16:12:19.0124 0x1fe0  SDRSVC - ok
16:12:19.0127 0x1fe0  sdstor - ok
16:12:19.0130 0x1fe0  seclogon - ok
16:12:19.0133 0x1fe0  SecurityHealthService - ok
16:12:19.0137 0x1fe0  SEMgrSvc - ok
16:12:19.0140 0x1fe0  SENS - ok
16:12:19.0144 0x1fe0  Sense - ok
16:12:19.0147 0x1fe0  SensorDataService - ok
16:12:19.0151 0x1fe0  SensorService - ok
16:12:19.0155 0x1fe0  SensrSvc - ok
16:12:19.0159 0x1fe0  SerCx - ok
16:12:19.0164 0x1fe0  SerCx2 - ok
16:12:19.0168 0x1fe0  Serenum - ok
16:12:19.0170 0x1fe0  Serial - ok
16:12:19.0173 0x1fe0  sermouse - ok
16:12:19.0176 0x1fe0  SessionEnv - ok
16:12:19.0179 0x1fe0  sfloppy - ok
16:12:19.0183 0x1fe0  SharedAccess - ok
16:12:19.0188 0x1fe0  ShellHWDetection - ok
16:12:19.0191 0x1fe0  shpamsvc - ok
16:12:19.0195 0x1fe0  SiSRaid2 - ok
16:12:19.0200 0x1fe0  SiSRaid4 - ok
16:12:19.0234 0x1fe0  [ E6DA1192D36D2D29FF8387917C2D70A6, 6F6AB7A2E45D7E05F5ED0B08B1ED9FFA03BDBFAF5E80F8B9E2C4D6CF6F74B851 ] SkypeUpdate     D:\Program Files (x86)\Skype\Updater\Updater.exe
16:12:19.0239 0x1fe0  SkypeUpdate - ok
16:12:19.0243 0x1fe0  smphost - ok
16:12:19.0247 0x1fe0  SmsRouter - ok
16:12:19.0251 0x1fe0  SNMPTRAP - ok
16:12:19.0254 0x1fe0  spaceport - ok
16:12:19.0257 0x1fe0  SpatialGraphFilter - ok
16:12:19.0261 0x1fe0  SpbCx - ok
16:12:19.0265 0x1fe0  spectrum - ok
16:12:19.0268 0x1fe0  Spooler - ok
16:12:19.0270 0x1fe0  sppsvc - ok
16:12:19.0273 0x1fe0  srv - ok
16:12:19.0277 0x1fe0  srv2 - ok
16:12:19.0281 0x1fe0  srvnet - ok
16:12:19.0284 0x1fe0  SSDPSRV - ok
16:12:19.0287 0x1fe0  SstpSvc - ok
16:12:19.0290 0x1fe0  StateRepository - ok
16:12:19.0320 0x1fe0  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:12:19.0340 0x1fe0  Steam Client Service - ok
16:12:19.0345 0x1fe0  stexstor - ok
16:12:19.0349 0x1fe0  stisvc - ok
16:12:19.0352 0x1fe0  storahci - ok
16:12:19.0355 0x1fe0  storflt - ok
16:12:19.0359 0x1fe0  stornvme - ok
16:12:19.0364 0x1fe0  storqosflt - ok
16:12:19.0367 0x1fe0  StorSvc - ok
16:12:19.0369 0x1fe0  storufs - ok
16:12:19.0372 0x1fe0  storvsc - ok
16:12:19.0375 0x1fe0  svsvc - ok
16:12:19.0378 0x1fe0  swenum - ok
16:12:19.0382 0x1fe0  swprv - ok
16:12:19.0385 0x1fe0  Synth3dVsc - ok
16:12:19.0388 0x1fe0  SysMain - ok
16:12:19.0391 0x1fe0  SystemEventsBroker - ok
16:12:19.0394 0x1fe0  TabletInputService - ok
16:12:19.0397 0x1fe0  TapiSrv - ok
16:12:19.0401 0x1fe0  Tcpip - ok
16:12:19.0403 0x1fe0  Tcpip6 - ok
16:12:19.0408 0x1fe0  tcpipreg - ok
16:12:19.0412 0x1fe0  tdx - ok
16:12:19.0606 0x1fe0  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
16:12:19.0715 0x1fe0  TeamViewer - ok
16:12:19.0724 0x1fe0  terminpt - ok
16:12:19.0727 0x1fe0  TermService - ok
16:12:19.0731 0x1fe0  Themes - ok
16:12:19.0734 0x1fe0  TieringEngineService - ok
16:12:19.0738 0x1fe0  tiledatamodelsvc - ok
16:12:19.0741 0x1fe0  TimeBrokerSvc - ok
16:12:19.0744 0x1fe0  TokenBroker - ok
16:12:19.0747 0x1fe0  TPM - ok
16:12:19.0750 0x1fe0  TrkWks - ok
16:12:19.0754 0x1fe0  TrustedInstaller - ok
16:12:19.0759 0x1fe0  TsUsbFlt - ok
16:12:19.0762 0x1fe0  TsUsbGD - ok
16:12:19.0765 0x1fe0  tsusbhub - ok
16:12:19.0768 0x1fe0  tunnel - ok
16:12:19.0773 0x1fe0  tzautoupdate - ok
16:12:19.0775 0x1fe0  UASPStor - ok
16:12:19.0780 0x1fe0  UcmCx0101 - ok
16:12:19.0784 0x1fe0  UcmTcpciCx0101 - ok
16:12:19.0788 0x1fe0  UcmUcsi - ok
16:12:19.0792 0x1fe0  Ucx01000 - ok
16:12:19.0796 0x1fe0  UdeCx - ok
16:12:19.0800 0x1fe0  udfs - ok
16:12:19.0803 0x1fe0  UEFI - ok
16:12:19.0806 0x1fe0  UevAgentDriver - ok
16:12:19.0810 0x1fe0  UevAgentService - ok
16:12:19.0813 0x1fe0  Ufx01000 - ok
16:12:19.0816 0x1fe0  UfxChipidea - ok
16:12:19.0818 0x1fe0  ufxsynopsys - ok
16:12:19.0825 0x1fe0  UI0Detect - ok
16:12:19.0828 0x1fe0  umbus - ok
16:12:19.0831 0x1fe0  UmPass - ok
16:12:19.0835 0x1fe0  UmRdpService - ok
16:12:19.0837 0x1fe0  UnistoreSvc - ok
16:12:19.0845 0x1fe0  upnphost - ok
16:12:19.0848 0x1fe0  UrsChipidea - ok
16:12:19.0851 0x1fe0  UrsCx01000 - ok
16:12:19.0854 0x1fe0  UrsSynopsys - ok
16:12:19.0857 0x1fe0  usbaudio - ok
16:12:19.0860 0x1fe0  usbccgp - ok
16:12:19.0864 0x1fe0  usbcir - ok
16:12:19.0867 0x1fe0  usbehci - ok
16:12:19.0870 0x1fe0  usbhub - ok
16:12:19.0873 0x1fe0  USBHUB3 - ok
16:12:19.0876 0x1fe0  usbohci - ok
16:12:19.0879 0x1fe0  usbprint - ok
16:12:19.0884 0x1fe0  [ 96B48485A7CC2C0A63C196A16403C5F3, 4E364DE1FE19D14D5BA4F4360563BB49F4DEC90430771C12376C0B1BB70CFD37 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:12:19.0886 0x1fe0  usbscan - ok
16:12:19.0890 0x1fe0  usbser - ok
16:12:19.0892 0x1fe0  USBSTOR - ok
16:12:19.0896 0x1fe0  usbuhci - ok
16:12:19.0899 0x1fe0  USBXHCI - ok
16:12:19.0903 0x1fe0  UserDataSvc - ok
16:12:19.0907 0x1fe0  UserManager - ok
16:12:19.0910 0x1fe0  UsoSvc - ok
16:12:19.0913 0x1fe0  VaultSvc - ok
16:12:19.0918 0x1fe0  [ 57BFF0ADE329BC2596F060A07D3AF2B9, CEC4CE14B8BB5DAB58F30399999703A4FFF601768890DB185D21C2C9EA3A5666 ] VBAudioVMVAIOMME C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys
16:12:19.0920 0x1fe0  VBAudioVMVAIOMME - ok
16:12:19.0924 0x1fe0  vdrvroot - ok
16:12:19.0927 0x1fe0  vds - ok
16:12:19.0931 0x1fe0  VerifierExt - ok
16:12:19.0934 0x1fe0  vhdmp - ok
16:12:19.0937 0x1fe0  vhf - ok
16:12:19.0954 0x1fe0  [ 20D3701C516BB42F81A22EB727B9E419, 08A8D12626A322790C6679554D49AE388E33316121226DE9FCA9C22C8F509C56 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
16:12:19.0965 0x1fe0  VIAHdAudAddService - ok
16:12:19.0969 0x1fe0  [ 097A1A16F9F38715CEAA092DE626F517, 5D51D74C3264ADEA1A50F6620150B284E54C5294A548D1BC940B3B5FF5343998 ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
16:12:19.0982 0x1fe0  VIAKaraokeService - ok
16:12:19.0986 0x1fe0  vmbus - ok
16:12:19.0988 0x1fe0  VMBusHID - ok
16:12:19.0991 0x1fe0  vmgid - ok
16:12:19.0995 0x1fe0  vmicguestinterface - ok
16:12:19.0997 0x1fe0  vmicheartbeat - ok
16:12:20.0001 0x1fe0  vmickvpexchange - ok
16:12:20.0004 0x1fe0  vmicrdv - ok
16:12:20.0007 0x1fe0  vmicshutdown - ok
16:12:20.0010 0x1fe0  vmictimesync - ok
16:12:20.0013 0x1fe0  vmicvmsession - ok
16:12:20.0016 0x1fe0  vmicvss - ok
16:12:20.0020 0x1fe0  volmgr - ok
16:12:20.0024 0x1fe0  volmgrx - ok
16:12:20.0027 0x1fe0  volsnap - ok
16:12:20.0031 0x1fe0  volume - ok
16:12:20.0034 0x1fe0  vpci - ok
16:12:20.0037 0x1fe0  vsmraid - ok
16:12:20.0041 0x1fe0  VSS - ok
16:12:20.0045 0x1fe0  VSTXRAID - ok
16:12:20.0048 0x1fe0  vwifibus - ok
16:12:20.0051 0x1fe0  vwififlt - ok
16:12:20.0055 0x1fe0  W32Time - ok
16:12:20.0057 0x1fe0  WacomPen - ok
16:12:20.0062 0x1fe0  WalletService - ok
16:12:20.0065 0x1fe0  wanarp - ok
16:12:20.0068 0x1fe0  wanarpv6 - ok
16:12:20.0072 0x1fe0  wbengine - ok
16:12:20.0076 0x1fe0  WbioSrvc - ok
16:12:20.0080 0x1fe0  wcifs - ok
16:12:20.0085 0x1fe0  Wcmsvc - ok
16:12:20.0088 0x1fe0  wcncsvc - ok
16:12:20.0091 0x1fe0  wcnfs - ok
16:12:20.0094 0x1fe0  WdBoot - ok
16:12:20.0098 0x1fe0  Wdf01000 - ok
16:12:20.0102 0x1fe0  WdFilter - ok
16:12:20.0105 0x1fe0  WdiServiceHost - ok
16:12:20.0108 0x1fe0  WdiSystemHost - ok
16:12:20.0112 0x1fe0  wdiwifi - ok
16:12:20.0115 0x1fe0  WdNisDrv - ok
16:12:20.0118 0x1fe0  WdNisSvc - ok
16:12:20.0122 0x1fe0  WebClient - ok
16:12:20.0125 0x1fe0  Wecsvc - ok
16:12:20.0129 0x1fe0  WEPHOSTSVC - ok
16:12:20.0133 0x1fe0  wercplsupport - ok
16:12:20.0136 0x1fe0  WerSvc - ok
16:12:20.0141 0x1fe0  WFDSConMgrSvc - ok
16:12:20.0145 0x1fe0  WFPLWFS - ok
16:12:20.0148 0x1fe0  WiaRpc - ok
16:12:20.0151 0x1fe0  WIMMount - ok
16:12:20.0153 0x1fe0  WinDefend - ok
16:12:20.0159 0x1fe0  WindowsTrustedRT - ok
16:12:20.0163 0x1fe0  WindowsTrustedRTProxy - ok
16:12:20.0167 0x1fe0  WinHttpAutoProxySvc - ok
16:12:20.0171 0x1fe0  WinMad - ok
16:12:20.0178 0x1fe0  Winmgmt - ok
16:12:20.0182 0x1fe0  WinNat - ok
16:12:20.0185 0x1fe0  WinRM - ok
16:12:20.0191 0x1fe0  WINUSB - ok
16:12:20.0195 0x1fe0  WinVerbs - ok
16:12:20.0199 0x1fe0  wisvc - ok
16:12:20.0202 0x1fe0  WlanSvc - ok
16:12:20.0205 0x1fe0  wlidsvc - ok
16:12:20.0208 0x1fe0  wlpasvc - ok
16:12:20.0211 0x1fe0  WmiAcpi - ok
16:12:20.0215 0x1fe0  wmiApSrv - ok
16:12:20.0218 0x1fe0  WMPNetworkSvc - ok
16:12:20.0227 0x1fe0  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
16:12:20.0233 0x1fe0  Wof - ok
16:12:20.0238 0x1fe0  workfolderssvc - ok
16:12:20.0242 0x1fe0  WPDBusEnum - ok
16:12:20.0245 0x1fe0  WpdUpFltr - ok
16:12:20.0249 0x1fe0  WpnService - ok
16:12:20.0252 0x1fe0  WpnUserService - ok
16:12:20.0256 0x1fe0  ws2ifsl - ok
16:12:20.0260 0x1fe0  wscsvc - ok
16:12:20.0263 0x1fe0  WSearch - ok
16:12:20.0268 0x1fe0  wuauserv - ok
16:12:20.0271 0x1fe0  WudfPf - ok
16:12:20.0273 0x1fe0  WUDFRd - ok
16:12:20.0276 0x1fe0  wudfsvc - ok
16:12:20.0281 0x1fe0  WUDFWpdFs - ok
16:12:20.0284 0x1fe0  WwanSvc - ok
16:12:20.0288 0x1fe0  xbgm - ok
16:12:20.0291 0x1fe0  XblAuthManager - ok
16:12:20.0295 0x1fe0  XblGameSave - ok
16:12:20.0298 0x1fe0  xboxgip - ok
16:12:20.0302 0x1fe0  XboxGipSvc - ok
16:12:20.0305 0x1fe0  XboxNetApiSvc - ok
16:12:20.0308 0x1fe0  xinputhid - ok
16:12:20.0353 0x1fe0  [ 322600D57876851514AE6DFE705EBF7C, 9AF962D9700B4103935A3A533515F7BA8B3EF66274B8CDE22CDC259A67AB599C ] XperiaCompanionService C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
16:12:20.0384 0x1fe0  XperiaCompanionService - ok
16:12:20.0386 0x1fe0  ================ Scan global ===============================
16:12:20.0398 0x1fe0  [ Global ] - ok
16:12:20.0398 0x1fe0  ================ Scan MBR ==================================
16:12:20.0401 0x1fe0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:12:20.0409 0x1fe0  \Device\Harddisk0\DR0 - ok
16:12:20.0422 0x1fe0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:12:20.0431 0x1fe0  \Device\Harddisk1\DR1 - ok
16:12:20.0443 0x1fe0  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
16:12:20.0448 0x1fe0  \Device\Harddisk2\DR2 - ok
16:12:20.0452 0x1fe0  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk3\DR3
16:12:21.0831 0x1fe0  \Device\Harddisk3\DR3 - ok
16:12:21.0831 0x1fe0  ================ Scan VBR ==================================
16:12:21.0833 0x1fe0  [ 161A07F9608647D652EE3BA63E691018 ] \Device\Harddisk0\DR0\Partition1
16:12:21.0834 0x1fe0  \Device\Harddisk0\DR0\Partition1 - ok
16:12:21.0836 0x1fe0  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
16:12:21.0836 0x1fe0  \Device\Harddisk0\DR0\Partition2 - ok
16:12:21.0840 0x1fe0  [ E12CB558778D141071425F22F399E7BA ] \Device\Harddisk0\DR0\Partition3
16:12:21.0841 0x1fe0  \Device\Harddisk0\DR0\Partition3 - ok
16:12:21.0844 0x1fe0  [ FCD394C36574A7D0C82D1582BF7F2ECD ] \Device\Harddisk0\DR0\Partition4
16:12:21.0846 0x1fe0  \Device\Harddisk0\DR0\Partition4 - ok
16:12:21.0854 0x1fe0  [ 7C7693CF0F248165AFCD537E21247F3A ] \Device\Harddisk1\DR1\Partition1
16:12:21.0855 0x1fe0  \Device\Harddisk1\DR1\Partition1 - ok
16:12:21.0857 0x1fe0  [ A89D815E09A00625A16E03F6BC4C42FB ] \Device\Harddisk2\DR2\Partition1
16:12:21.0860 0x1fe0  \Device\Harddisk2\DR2\Partition1 - ok
16:12:21.0864 0x1fe0  [ E9F11B7605797CF9B7C2D3D3E90E7E06 ] \Device\Harddisk3\DR3\Partition1
16:12:21.0866 0x1fe0  \Device\Harddisk3\DR3\Partition1 - ok
16:12:21.0867 0x1fe0  ================ Scan generic autorun ======================
16:12:21.0867 0x1fe0  SecurityHealth - ok
16:12:21.0951 0x1fe0  [ DB5598036532462FEAFE35A82FA6A225, CE12077EAC32A544C92C1FEB851C2B6C9B6D855944FE8A3CF618D57F5A7F119B ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
16:12:22.0027 0x1fe0  HDAudDeck - ok
16:12:22.0054 0x1fe0  [ 8DD6F98101EBBA3FC92C8092333A6B32, 80FE7E4433731614B92F8C0256EA5440508C535EBDA45188D1225BFEDA6F0F67 ] D:\Program Files\AVAST Software\Avast\AvLaunch.exe
16:12:22.0058 0x1fe0  AvastUI.exe - ok
16:12:22.0163 0x1fe0  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
16:12:22.0237 0x1fe0  Malwarebytes TrayApp - ok
16:12:22.0254 0x1fe0  [ 395CB6E8C67BFB1063AD86987909C184, 15F3BA6DF6D0C5C8FB9FF0AB661A5A652F26BAB7A0FB0DB47874069522400B16 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:12:22.0267 0x1fe0  SunJavaUpdateSched - ok
16:12:22.0289 0x1fe0  OneDriveSetup - ok
16:12:22.0290 0x1fe0  OneDriveSetup - ok
16:12:22.0323 0x1fe0  [ 00F30FDFDE3E276C1A731C2DF951D67E, 018E6933882FCC41EE96E198E6F7ECEFB53EC650B1044A58876B26EDE011158B ] C:\Users\axelk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
16:12:22.0348 0x1fe0  OneDrive - ok
16:12:22.0374 0x1fe0  [ 54C4D03796D44AA8A0BABE7B1B66DC30, C22DDD28A0F838E9025F9212339B4377D2A9269D781D64727ADD365A62773E83 ] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
16:12:22.0388 0x1fe0  Overwolf - ok
16:12:22.0636 0x1fe0  [ 4A4FF358B1ECCAEDBBDAEF293613CEC5, 0697FCBC726F2BC2573495CD878F9309235DB7289DD76FB9406233D01D546272 ] D:\Program Files\CCleaner\CCleaner64.exe
16:12:22.0853 0x1fe0  CCleaner Monitoring - ok
16:12:22.0954 0x1fe0  [ 0B4431D8286AB24483CEBA4503DCB6B1, 70D54CDDC8CBFAEB11CABF7A1DEA69CBE420EFCA96381E8753AD9326407875EE ] D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
16:12:22.0998 0x1fe0  World of Tanks - ok
16:12:23.0039 0x1fe0  [ 5F025EBD25CC30866AD7CC3301EFA329, 35ED27A0AB49EA85465F84D0E396F113CE22CD229C25286166C9B1F3222DC6D1 ] C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
16:12:23.0080 0x1fe0  XperiaCompanionAgent - ok
16:12:23.0115 0x1fe0  Skype - ok
16:12:23.0117 0x1fe0  Waiting for KSN requests completion. In queue: 42
16:12:24.0135 0x1fe0  AV detected via SS2: Avast Antivirus, D:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x41000 ( enabled : updated )
16:12:24.0138 0x1fe0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.0 ), 0x60100 ( disabled : updated )
16:12:24.0142 0x1fe0  Win FW state via NFP2: enabled ( trusted )
16:12:24.0230 0x1fe0  ============================================================
16:12:24.0230 0x1fe0  Scan finished
16:12:24.0230 0x1fe0  ============================================================
16:12:24.0236 0x4100  Detected object count: 0
16:12:24.0236 0x4100  Actual detected object count: 0
16:13:22.0022 0x3088  ============================================================
16:13:22.0022 0x3088  Scan started
16:13:22.0022 0x3088  Mode: Manual; SigCheck; TDLFS; 
16:13:22.0022 0x3088  ============================================================
16:13:22.0022 0x3088  KSN ping started
16:13:22.0061 0x3088  KSN ping finished: true
16:13:22.0521 0x3088  ================ Scan system memory ========================
16:13:22.0521 0x3088  System memory - ok
16:13:22.0521 0x3088  ================ Scan services =============================
16:13:22.0563 0x3088  1394ohci - ok
16:13:22.0566 0x3088  3ware - ok
16:13:22.0569 0x3088  ACPI - ok
16:13:22.0572 0x3088  AcpiDev - ok
16:13:22.0575 0x3088  acpiex - ok
16:13:22.0579 0x3088  acpipagr - ok
16:13:22.0583 0x3088  AcpiPmi - ok
16:13:22.0586 0x3088  acpitime - ok
16:13:22.0593 0x3088  [ 8D6BA8E7676038A27FD4ECF12CC744B0, F5D59B764DCB4A06A51939533DC7B2391FD68E3979C48939C023A60DCE0D2101 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:13:22.0622 0x3088  AdobeARMservice - ok
16:13:22.0650 0x3088  [ E6A1D864EC90F4397DF5AB2633B34DD4, 05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:13:22.0666 0x3088  AdobeFlashPlayerUpdateSvc - ok
16:13:22.0673 0x3088  ADP80XX - ok
16:13:22.0678 0x3088  AFD - ok
16:13:22.0726 0x3088  [ 078B785A7533B7059A236017B3B060A4, 43B3E716009136A5A5A86BF8546DE6C416CA3B7F8EEC242D9D44EF12111B7A6E ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
16:13:22.0774 0x3088  AGSService - ok
16:13:22.0782 0x3088  ahcache - ok
16:13:22.0786 0x3088  AJRouter - ok
16:13:22.0788 0x3088  ALG - ok
16:13:22.0791 0x3088  AmdK8 - ok
16:13:22.0794 0x3088  AmdPPM - ok
16:13:22.0797 0x3088  amdsata - ok
16:13:22.0801 0x3088  amdsbs - ok
16:13:22.0804 0x3088  amdxata - ok
16:13:22.0807 0x3088  AppID - ok
16:13:22.0810 0x3088  AppIDSvc - ok
16:13:22.0813 0x3088  Appinfo - ok
16:13:22.0816 0x3088  applockerfltr - ok
16:13:22.0820 0x3088  AppMgmt - ok
16:13:22.0823 0x3088  AppReadiness - ok
16:13:22.0826 0x3088  AppVClient - ok
16:13:22.0829 0x3088  AppvStrm - ok
16:13:22.0832 0x3088  AppvVemgr - ok
16:13:22.0834 0x3088  AppvVfs - ok
16:13:22.0838 0x3088  AppXSvc - ok
16:13:22.0841 0x3088  arcsas - ok
16:13:23.0069 0x3088  [ A760C2AFBA1A71E0F7310A6E900CB0E4, 3827C8D4DFC3FC850E9BD049E1B127BD1076DDEFDA19BBA9445FF201F6AE99F8 ] aswbIDSAgent    D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
16:13:23.0217 0x3088  aswbIDSAgent - ok
16:13:23.0236 0x3088  [ 0C19C91ED99964925FF8B05C23743AB1, BF513CCC0E5D2D2CE7D06F17ABC34CD3A55B59588267A5868ADFB723454AF6EB ] aswbidsdriver   C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
16:13:23.0249 0x3088  aswbidsdriver - ok
16:13:23.0257 0x3088  [ 670839F4BA6D82F3035AADFE8274F02E, E4E8B1F3B9138CB2600158CC8507CBA31637E48BBA4D67398E05970B2CECA671 ] aswbidsh        C:\WINDOWS\system32\drivers\aswbidsha.sys
16:13:23.0267 0x3088  aswbidsh - ok
16:13:23.0278 0x3088  [ 5C561968CF601D76A98692DCC8CF74ED, 26D0F34CE4485A813200032CE6889575A13196E79A4B124DD19E4584B0C102DC ] aswblog         C:\WINDOWS\system32\drivers\aswbloga.sys
16:13:23.0291 0x3088  aswblog - ok
16:13:23.0296 0x3088  [ 335E5F19E7397A283B7ED20FE7B369EB, 6A31ABA0BA671EA796E8920EBD64DB28D3D7EB65C4FF68C3EB1DEF4FFC002163 ] aswbuniv        C:\WINDOWS\system32\drivers\aswbuniva.sys
16:13:23.0305 0x3088  aswbuniv - ok
16:13:23.0309 0x3088  [ BA02CA77D989710F79FD662019C4DF94, 2E989847BEE92EB8DE7492DE7AB9B4658CEFC38E678346B7548E6ECB528300D6 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
16:13:23.0318 0x3088  aswHwid - ok
16:13:23.0322 0x3088  [ 5E6FD2CB74138C6AF591779D2619BD6C, 7410384AE4280156451EB1EAC5CBA9E44834C49BD5A31049339895D5994AEF4E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
16:13:23.0331 0x3088  aswKbd - ok
16:13:23.0336 0x3088  [ 2B1490F2F1CC76C9C9B61CE63D6E7973, BFD456C598E74974B81453805ADD0792BD9636BF8213306F40029560B20DE036 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:13:23.0347 0x3088  aswMonFlt - ok
16:13:23.0352 0x3088  [ F26D1F761E14789743275FA5D258EAB8, D532AD4DFFC73BE8A889B75BB50D33FFF674B5AB31F05AA75D9E0667363057F1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
16:13:23.0362 0x3088  aswRdr - ok
16:13:23.0367 0x3088  [ C1007774450CFAB19D784D50C3410FC7, 2752FD77412D54D78A81DED9F05F094E589BCA5E360ECD420E28ECC844D35921 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
16:13:23.0377 0x3088  aswRvrt - ok
16:13:23.0399 0x3088  [ EB1991686949400C51B8C21CE013621E, 248545BDD5E8D1BD2D752AF7D3B77E8F1EA6453FD3B007851A04E9B634966448 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
16:13:23.0425 0x3088  aswSnx - ok
16:13:23.0441 0x3088  [ 7A17BD26C74F5329CB1DF029AE4DD357, 31F98B74F6BC2D75BDC83E3E2E60C9541D57912B6DF2C8A9241F3CFB17E0ACBB ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
16:13:23.0459 0x3088  aswSP - ok
16:13:23.0467 0x3088  [ 2933CBC7643168E4288D443B4125941C, 19DF1EB9F3EBF2496633D8D789E56EC8A59CF664ECC12A6BF69045BC2BC6CF48 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
16:13:23.0479 0x3088  aswStm - ok
16:13:23.0489 0x3088  [ E76C21203E29F2DCC489EF585E0B1A38, F64B8F5F2EFA10ADD64DE0574ADDE05DF1DFDEACF0E72879C9DD6DEB037E01A3 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
16:13:23.0504 0x3088  aswVmm - ok
16:13:23.0509 0x3088  AsyncMac - ok
16:13:23.0514 0x3088  atapi - ok
16:13:23.0517 0x3088  AudioEndpointBuilder - ok
16:13:23.0520 0x3088  Audiosrv - ok
16:13:23.0551 0x3088  [ D961A7C05A76302E782B1B0CF6546BA7, DAE7481B4FFC0746944213D10EF59C21BBA9937138D660E72E63F43BCDC1F799 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:13:23.0564 0x3088  avast! Antivirus - ok
16:13:23.0570 0x3088  AxInstSV - ok
16:13:23.0573 0x3088  b06bdrv - ok
16:13:23.0578 0x3088  BasicDisplay - ok
16:13:23.0581 0x3088  BasicRender - ok
16:13:23.0587 0x3088  bcmfn2 - ok
16:13:23.0590 0x3088  BDESVC - ok
16:13:23.0593 0x3088  Beep - ok
16:13:23.0596 0x3088  BFE - ok
16:13:23.0598 0x3088  BITS - ok
16:13:23.0601 0x3088  bowser - ok
16:13:23.0605 0x3088  BrokerInfrastructure - ok
16:13:23.0607 0x3088  Browser - ok
16:13:23.0610 0x3088  BthAvrcpTg - ok
16:13:23.0613 0x3088  BthHFEnum - ok
16:13:23.0616 0x3088  bthhfhid - ok
16:13:23.0619 0x3088  BthHFSrv - ok
16:13:23.0622 0x3088  BTHMODEM - ok
16:13:23.0626 0x3088  bthserv - ok
16:13:23.0629 0x3088  buttonconverter - ok
16:13:23.0632 0x3088  CAD - ok
16:13:23.0636 0x3088  CapImg - ok
16:13:23.0638 0x3088  cdfs - ok
16:13:23.0641 0x3088  CDPSvc - ok
16:13:23.0644 0x3088  CDPUserSvc - ok
16:13:23.0648 0x3088  cdrom - ok
16:13:23.0651 0x3088  CertPropSvc - ok
16:13:23.0653 0x3088  cht4iscsi - ok
16:13:23.0656 0x3088  cht4vbd - ok
16:13:23.0660 0x3088  circlass - ok
16:13:23.0663 0x3088  CldFlt - ok
16:13:23.0666 0x3088  CLFS - ok
16:13:23.0669 0x3088  ClipSVC - ok
16:13:23.0672 0x3088  clreg - ok
16:13:23.0678 0x3088  CmBatt - ok
16:13:23.0682 0x3088  CNG - ok
16:13:23.0685 0x3088  cnghwassist - ok
16:13:23.0700 0x3088  CompositeBus - ok
16:13:23.0703 0x3088  COMSysApp - ok
16:13:23.0706 0x3088  condrv - ok
16:13:23.0709 0x3088  CoreMessagingRegistrar - ok
16:13:23.0714 0x3088  CryptSvc - ok
16:13:23.0718 0x3088  CSC - ok
16:13:23.0721 0x3088  CscService - ok
16:13:23.0724 0x3088  dam - ok
16:13:23.0728 0x3088  DcomLaunch - ok
16:13:23.0731 0x3088  defragsvc - ok
16:13:23.0734 0x3088  DeviceAssociationService - ok
16:13:23.0737 0x3088  DeviceInstall - ok
16:13:23.0741 0x3088  DevicesFlowUserSvc - ok
16:13:23.0745 0x3088  DevQueryBroker - ok
16:13:23.0748 0x3088  Dfsc - ok
16:13:23.0751 0x3088  Dhcp - ok
16:13:23.0754 0x3088  diagnosticshub.standardcollector.service - ok
16:13:23.0758 0x3088  DiagTrack - ok
16:13:23.0761 0x3088  Disk - ok
16:13:23.0764 0x3088  DmEnrollmentSvc - ok
16:13:23.0767 0x3088  dmvsc - ok
16:13:23.0770 0x3088  dmwappushservice - ok
16:13:23.0773 0x3088  Dnscache - ok
16:13:23.0777 0x3088  dot3svc - ok
16:13:23.0784 0x3088  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:13:23.0795 0x3088  dot4 - ok
16:13:23.0799 0x3088  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
16:13:23.0806 0x3088  Dot4Print - ok
16:13:23.0811 0x3088  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:13:23.0819 0x3088  dot4usb - ok
16:13:23.0822 0x3088  DPS - ok
16:13:23.0825 0x3088  drmkaud - ok
16:13:23.0829 0x3088  DsmSvc - ok
16:13:23.0833 0x3088  DsSvc - ok
16:13:23.0835 0x3088  DusmSvc - ok
16:13:23.0839 0x3088  DXGKrnl - ok
16:13:23.0843 0x3088  EapHost - ok
16:13:23.0846 0x3088  ebdrv - ok
16:13:23.0850 0x3088  EFS - ok
16:13:23.0853 0x3088  EhStorClass - ok
16:13:23.0856 0x3088  EhStorTcgDrv - ok
16:13:23.0859 0x3088  embeddedmode - ok
16:13:23.0862 0x3088  EntAppSvc - ok
16:13:23.0865 0x3088  ErrDev - ok
16:13:23.0870 0x3088  EventSystem - ok
16:13:23.0873 0x3088  exfat - ok
16:13:23.0877 0x3088  fastfat - ok
16:13:23.0880 0x3088  Fax - ok
16:13:23.0936 0x3088  [ 3FB162167962F3AB2934F7952D10081C, C70AD64EC3D76F7C3630DD95851D56A6DC35A741C55143F4B07D146A074F84B3 ] FA_Scheduler    D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
16:13:23.0949 0x3088  FA_Scheduler - detected UnsignedFile.Multi.Generic ( 1 )
16:13:23.0949 0x3088  Detect skipped due to KSN trusted
16:13:23.0949 0x3088  FA_Scheduler - ok
16:13:23.0952 0x3088  fdc - ok
16:13:23.0955 0x3088  fdPHost - ok
16:13:23.0958 0x3088  FDResPub - ok
16:13:23.0962 0x3088  fhsvc - ok
16:13:23.0966 0x3088  FileCrypt - ok
16:13:23.0968 0x3088  FileInfo - ok
16:13:23.0971 0x3088  Filetrace - ok
16:13:23.0974 0x3088  flpydisk - ok
16:13:23.0976 0x3088  FltMgr - ok
16:13:23.0979 0x3088  FontCache - ok
16:13:23.0984 0x3088  [ 439F6B3617F4EB31978FF5F625D5CCB1, 0D75048C93222550409E58338909EBECC1589170430CD101D829003A798F7BDA ] fortiapd        C:\WINDOWS\system32\drivers\fortiapd.sys
16:13:23.0993 0x3088  fortiapd - ok
16:13:23.0998 0x3088  [ 56077470FFF7BC072384D14AA95254DA, 038969FB67EF2C78D2818AFCCD27137370DD04BF8F6AD427F949782EA4049FCD ] FortiFilter     C:\WINDOWS\system32\DRIVERS\FortiFilter.sys
16:13:24.0009 0x3088  FortiFilter - ok
16:13:24.0013 0x3088  [ 2C5377EEF5AAAA0A1BB52B8E257C567D, D01052597DD14C1BDAB00084A8AFDE496152E0F6B4CF08DB93AD39A7F67F4D72 ] FortiFW         C:\WINDOWS\system32\drivers\FortiFW2.sys
16:13:24.0022 0x3088  FortiFW - ok
16:13:24.0033 0x3088  [ E277011610D0ED77C353E66B80FB6CED, 3844155BE7EEC3FB9E8F66959DEFAE1D00AEE8B41939397DECADA7D4B8EEDEE1 ] Fortips         C:\WINDOWS\system32\drivers\fortips.sys
16:13:24.0044 0x3088  Fortips - ok
16:13:24.0050 0x3088  [ 2191EF19F37918A9F42A193D2FCE4DCD, 2E23DD1D34BF3C493F565BBED0022E450C8B721CB8FFC815CC0BD7417C7E7C21 ] fortisniff      C:\WINDOWS\system32\drivers\fortisniff2.sys
16:13:24.0061 0x3088  fortisniff - ok
16:13:24.0066 0x3088  FrameServer - ok
16:13:24.0069 0x3088  FsDepends - ok
16:13:24.0071 0x3088  Fs_Rec - ok
16:13:24.0077 0x3088  [ 9000B3C397FFC56FD8CAB3CC1D517879, 3735CBA84F6C3568A82745FD89B66ECE95BC805BF8FAB573FAC6090ADDE76406 ] ft_vnic         C:\WINDOWS\System32\drivers\ftvnic.sys
16:13:24.0087 0x3088  ft_vnic - ok
16:13:24.0090 0x3088  fvevol - ok
16:13:24.0093 0x3088  gencounter - ok
16:13:24.0096 0x3088  genericusbfn - ok
16:13:24.0101 0x3088  [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt           C:\WINDOWS\System32\drivers\ggflt.sys
16:13:24.0108 0x3088  ggflt - ok
16:13:24.0113 0x3088  [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc          C:\WINDOWS\System32\drivers\ggsomc.sys
16:13:24.0123 0x3088  ggsomc - ok
16:13:24.0128 0x3088  GPIOClx0101 - ok
16:13:24.0132 0x3088  gpsvc - ok
16:13:24.0134 0x3088  GpuEnergyDrv - ok
16:13:24.0137 0x3088  HDAudBus - ok
16:13:24.0141 0x3088  HidBatt - ok
16:13:24.0144 0x3088  HidBth - ok
16:13:24.0147 0x3088  hidi2c - ok
16:13:24.0150 0x3088  hidinterrupt - ok
16:13:24.0153 0x3088  HidIr - ok
16:13:24.0156 0x3088  hidserv - ok
16:13:24.0159 0x3088  HidUsb - ok
16:13:24.0162 0x3088  HomeGroupListener - ok
16:13:24.0166 0x3088  HomeGroupProvider - ok
16:13:24.0240 0x3088  [ 930370725FA0FE272346583A7A7D6BDB, 98195638D548A6E5E574E062FDCF4E5833DDE834399787EC51C340699B6E5E64 ] hpqcxs08        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:13:24.0253 0x3088  hpqcxs08 - ok
16:13:24.0271 0x3088  [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc        D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:13:24.0280 0x3088  hpqddsvc - ok
16:13:24.0283 0x3088  HpSAMD - ok
16:13:24.0286 0x3088  HTTP - ok
16:13:24.0288 0x3088  HvHost - ok
16:13:24.0291 0x3088  hvservice - ok
16:13:24.0294 0x3088  hwpolicy - ok
16:13:24.0297 0x3088  hyperkbd - ok
16:13:24.0300 0x3088  i8042prt - ok
16:13:24.0303 0x3088  iagpio - ok
16:13:24.0306 0x3088  iai2c - ok
16:13:24.0309 0x3088  iaLPSS2i_GPIO2 - ok
16:13:24.0312 0x3088  iaLPSS2i_GPIO2_BXT_P - ok
16:13:24.0315 0x3088  iaLPSS2i_I2C - ok
16:13:24.0318 0x3088  iaLPSS2i_I2C_BXT_P - ok
16:13:24.0322 0x3088  iaLPSSi_GPIO - ok
16:13:24.0325 0x3088  iaLPSSi_I2C - ok
16:13:24.0328 0x3088  iaStorAV - ok
16:13:24.0331 0x3088  iaStorV - ok
16:13:24.0334 0x3088  ibbus - ok
16:13:24.0338 0x3088  icssvc - ok
16:13:24.0340 0x3088  IKEEXT - ok
16:13:24.0344 0x3088  IndirectKmd - ok
16:13:24.0349 0x3088  intelide - ok
16:13:24.0352 0x3088  intelpep - ok
16:13:24.0355 0x3088  intelppm - ok
16:13:24.0387 0x3088  [ CD6FE4D2E29D70D9E2AA587DE5978A15, 03BA3338E0178FCB6FC7792FE4BB2B836CEA8B791D53DD4E273AB48621397DC5 ] IObitUnSvr      D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
16:13:24.0401 0x3088  IObitUnSvr - ok
16:13:24.0404 0x3088  iorate - ok
16:13:24.0407 0x3088  IpFilterDriver - ok
16:13:24.0410 0x3088  iphlpsvc - ok
16:13:24.0413 0x3088  IPMIDRV - ok
16:13:24.0415 0x3088  IPNAT - ok
16:13:24.0419 0x3088  IpxlatCfgSvc - ok
16:13:24.0422 0x3088  irda - ok
16:13:24.0424 0x3088  IRENUM - ok
16:13:24.0427 0x3088  irmon - ok
16:13:24.0430 0x3088  isapnp - ok
16:13:24.0433 0x3088  iScsiPrt - ok
16:13:24.0438 0x3088  kbdclass - ok
16:13:24.0441 0x3088  kbdhid - ok
16:13:24.0444 0x3088  kdnic - ok
16:13:24.0446 0x3088  KeyIso - ok
16:13:24.0449 0x3088  [ 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE ] KMS-R@1n        C:\Windows\KMS-R@1n.exe
16:13:24.0457 0x3088  KMS-R@1n - detected UnsignedFile.Multi.Generic ( 1 )
16:13:24.0457 0x3088  Detect skipped due to KSN trusted
16:13:24.0457 0x3088  KMS-R@1n - ok
16:13:24.0461 0x3088  KSecDD - ok
16:13:24.0465 0x3088  KSecPkg - ok
16:13:24.0467 0x3088  ksthunk - ok
16:13:24.0470 0x3088  KtmRm - ok
16:13:24.0475 0x3088  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\WINDOWS\System32\drivers\L1C63x64.sys
16:13:24.0485 0x3088  L1C - ok
16:13:24.0488 0x3088  LanmanServer - ok
16:13:24.0491 0x3088  LanmanWorkstation - ok
16:13:24.0495 0x3088  lfsvc - ok
16:13:24.0500 0x3088  [ 16E18CED459B1824234890386EE66CD5, 8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989 ] libusb0         C:\WINDOWS\system32\DRIVERS\libusb0.sys
16:13:24.0510 0x3088  libusb0 - ok
16:13:24.0513 0x3088  LicenseManager - ok
16:13:24.0516 0x3088  lltdio - ok
16:13:24.0520 0x3088  lltdsvc - ok
16:13:24.0522 0x3088  lmhosts - ok
16:13:24.0527 0x3088  LSI_SAS - ok
16:13:24.0530 0x3088  LSI_SAS2i - ok
16:13:24.0533 0x3088  LSI_SAS3i - ok
16:13:24.0536 0x3088  LSI_SSS - ok
16:13:24.0539 0x3088  LSM - ok
16:13:24.0543 0x3088  luafv - ok
16:13:24.0546 0x3088  MapsBroker - ok
16:13:24.0548 0x3088  mausbhost - ok
16:13:24.0551 0x3088  mausbip - ok
16:13:24.0700 0x3088  [ D76E56108E6482905D3FAEA0649919E4, E10285889570A01E544B027F4A17BA7242E5E3EF93D20A19B05091DB237C6DD1 ] MBAMService     D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
16:13:24.0790 0x3088  MBAMService - ok
16:13:24.0803 0x3088  [ 913F4230E29E312D1B4B02E2BAC67C87, 5C772DA7F2454CAFEA981E18ABCE717FE0D065EE996FB758817F3EF775B0AC14 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
16:13:24.0816 0x3088  MBAMSwissArmy - ok
16:13:24.0820 0x3088  megasas - ok
16:13:24.0824 0x3088  megasas2i - ok
16:13:24.0828 0x3088  megasr - ok
16:13:24.0835 0x3088  [ 6D1671CB2E5402F01D2F13ECF764CAA1, 4778630F602FE8F9B9112DC5BB7A179632000D10D80C28E93711404108FCC6E0 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
16:13:24.0852 0x3088  MEIx64 - ok
16:13:24.0856 0x3088  MessagingService - ok
16:13:24.0863 0x3088  mlx4_bus - ok
16:13:24.0866 0x3088  MMCSS - ok
16:13:24.0870 0x3088  Modem - ok
16:13:24.0873 0x3088  monitor - ok
16:13:24.0876 0x3088  mouclass - ok
16:13:24.0881 0x3088  mouhid - ok
16:13:24.0883 0x3088  mountmgr - ok
16:13:24.0892 0x3088  [ F7D0E1DDA812C25EE003070835706963, C293053B2B3B85F694B92DFE80E166726BE002FC7B3C5EBF3573980B64D1B097 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:13:24.0904 0x3088  MozillaMaintenance - ok
16:13:24.0907 0x3088  mpsdrv - ok
16:13:24.0911 0x3088  MpsSvc - ok
16:13:24.0914 0x3088  MRxDAV - ok
16:13:24.0918 0x3088  mrxsmb - ok
16:13:24.0921 0x3088  mrxsmb10 - ok
16:13:24.0923 0x3088  mrxsmb20 - ok
16:13:24.0927 0x3088  MsBridge - ok
16:13:24.0930 0x3088  MSDTC - ok
16:13:24.0935 0x3088  Msfs - ok
16:13:24.0939 0x3088  msgpiowin32 - ok
16:13:24.0942 0x3088  mshidkmdf - ok
16:13:24.0944 0x3088  mshidumdf - ok
16:13:24.0947 0x3088  msisadrv - ok
16:13:24.0951 0x3088  MSiSCSI - ok
16:13:24.0954 0x3088  msiserver - ok
16:13:24.0956 0x3088  MSKSSRV - ok
16:13:24.0960 0x3088  MsLldp - ok
16:13:24.0963 0x3088  MSPCLOCK - ok
16:13:24.0966 0x3088  MSPQM - ok
16:13:24.0970 0x3088  MsRPC - ok
16:13:24.0974 0x3088  MsSecFlt - ok
16:13:24.0977 0x3088  mssmbios - ok
16:13:24.0980 0x3088  MSTEE - ok
16:13:24.0984 0x3088  MTConfig - ok
16:13:24.0986 0x3088  Mup - ok
16:13:24.0990 0x3088  mvumis - ok
16:13:24.0994 0x3088  NativeWifiP - ok
16:13:24.0998 0x3088  NaturalAuthentication - ok
16:13:25.0001 0x3088  NcaSvc - ok
16:13:25.0003 0x3088  NcbService - ok
16:13:25.0006 0x3088  NcdAutoSetup - ok
16:13:25.0009 0x3088  ndfltr - ok
16:13:25.0012 0x3088  NDIS - ok
16:13:25.0015 0x3088  NdisCap - ok
16:13:25.0017 0x3088  NdisImPlatform - ok
16:13:25.0021 0x3088  NdisTapi - ok
16:13:25.0024 0x3088  Ndisuio - ok
16:13:25.0027 0x3088  NdisVirtualBus - ok
16:13:25.0030 0x3088  NdisWan - ok
16:13:25.0034 0x3088  ndiswanlegacy - ok
16:13:25.0036 0x3088  ndproxy - ok
16:13:25.0040 0x3088  Ndu - ok
16:13:25.0045 0x3088  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
16:13:25.0058 0x3088  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:13:25.0058 0x3088  Detect skipped due to KSN trusted
16:13:25.0058 0x3088  Net Driver HPZ12 - ok
16:13:25.0061 0x3088  NetAdapterCx - ok
16:13:25.0064 0x3088  NetBIOS - ok
16:13:25.0068 0x3088  NetBT - ok
16:13:25.0070 0x3088  Netlogon - ok
16:13:25.0074 0x3088  Netman - ok
16:13:25.0078 0x3088  netprofm - ok
16:13:25.0081 0x3088  NetSetupSvc - ok
16:13:25.0089 0x3088  NetTcpPortSharing - ok
16:13:25.0092 0x3088  netvsc - ok
16:13:25.0097 0x3088  NgcCtnrSvc - ok
16:13:25.0100 0x3088  NgcSvc - ok
16:13:25.0103 0x3088  NlaSvc - ok
16:13:25.0106 0x3088  Npfs - ok
16:13:25.0108 0x3088  npsvctrig - ok
16:13:25.0112 0x3088  nsi - ok
16:13:25.0114 0x3088  nsiproxy - ok
16:13:25.0118 0x3088  NTFS - ok
16:13:25.0122 0x3088  Null - ok
16:13:25.0124 0x3088  nvdimmn - ok
16:13:25.0134 0x3088  [ 6E256C42FD27FADEA9BDD2E98CB53FE4, 8E2BDADFCC4B0C7208E937462DDF9CD9810E1B66375BD22F26C5D94376BDEC44 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
16:13:25.0147 0x3088  NVHDA - ok
16:13:25.0434 0x3088  [ BD000446F0B4FA1E87E7D10356C49564, 95F495549F35FFD64D3132D46923D1502C10AC77E7031EE1DE629E218EC584E0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
16:13:25.0701 0x3088  nvlddmkm - ok
16:13:25.0734 0x3088  nvraid - ok
16:13:25.0737 0x3088  nvstor - ok
16:13:25.0741 0x3088  OneSyncSvc - ok
16:13:25.0830 0x3088  [ 4FF47A8FEE5906C7243405F51E452614, 9DB7DD43BB8DA0487CE79241E226697F3F9726EA4A291722FD4B532C081092E6 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe
16:13:25.0876 0x3088  Origin Client Service - ok
16:13:25.0958 0x3088  [ CA0B62365F8189BC478DEDC3B6BC1E18, 3FBF94CD20F286D66A7CFE760191704123D26D8D5FAEE3C9F8F93E8AEDF13B41 ] Origin Web Helper Service D:\Program Files (x86)\Origin\OriginWebHelperService.exe
16:13:26.0004 0x3088  Origin Web Helper Service - ok
16:13:26.0037 0x3088  [ 1FA09B19F725F0A0EA41F99DE7A9B18B, 24E9DF5883A5C373E6A92A9726F38FA83C4EA501471A6432F52A9533A1C53321 ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
16:13:26.0073 0x3088  OverwolfUpdater - ok
16:13:26.0079 0x3088  p2pimsvc - ok
16:13:26.0084 0x3088  p2psvc - ok
16:13:26.0087 0x3088  Parport - ok
16:13:26.0089 0x3088  partmgr - ok
16:13:26.0092 0x3088  PcaSvc - ok
16:13:26.0095 0x3088  pci - ok
16:13:26.0099 0x3088  pciide - ok
16:13:26.0103 0x3088  pcmcia - ok
16:13:26.0105 0x3088  pcw - ok
16:13:26.0108 0x3088  pdc - ok
16:13:26.0111 0x3088  PEAUTH - ok
16:13:26.0114 0x3088  PeerDistSvc - ok
16:13:26.0117 0x3088  percsas2i - ok
16:13:26.0120 0x3088  percsas3i - ok
16:13:26.0140 0x3088  PerfHost - ok
16:13:26.0148 0x3088  PhoneSvc - ok
16:13:26.0151 0x3088  PimIndexMaintenanceSvc - ok
16:13:26.0155 0x3088  pla - ok
16:13:26.0158 0x3088  PlugPlay - ok
16:13:26.0161 0x3088  pmem - ok
16:13:26.0167 0x3088  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
16:13:26.0179 0x3088  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:13:26.0179 0x3088  Detect skipped due to KSN trusted
16:13:26.0179 0x3088  Pml Driver HPZ12 - ok
16:13:26.0182 0x3088  PNRPAutoReg - ok
16:13:26.0185 0x3088  PNRPsvc - ok
16:13:26.0188 0x3088  PolicyAgent - ok
16:13:26.0191 0x3088  Power - ok
16:13:26.0196 0x3088  [ ED29F9D445957946D6A62E3F65B9D98E, 4786047C45B272479DCB957BD2DF6D82B366EC3A13E745AA7784DCE944147472 ] pppop           C:\WINDOWS\System32\drivers\pppop64.sys
16:13:26.0205 0x3088  pppop - ok
16:13:26.0209 0x3088  PptpMiniport - ok
16:13:26.0262 0x3088  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
16:13:26.0356 0x3088  PrintNotify - ok
16:13:26.0362 0x3088  Processor - ok
16:13:26.0365 0x3088  ProfSvc - ok
16:13:26.0368 0x3088  Psched - ok
16:13:26.0371 0x3088  QWAVE - ok
16:13:26.0373 0x3088  QWAVEdrv - ok
16:13:26.0377 0x3088  RasAcd - ok
16:13:26.0381 0x3088  RasAgileVpn - ok
16:13:26.0384 0x3088  RasAuto - ok
16:13:26.0386 0x3088  Rasl2tp - ok
16:13:26.0390 0x3088  RasMan - ok
16:13:26.0393 0x3088  RasPppoe - ok
16:13:26.0395 0x3088  RasSstp - ok
16:13:26.0400 0x3088  rdbss - ok
16:13:26.0404 0x3088  rdpbus - ok
16:13:26.0407 0x3088  RDPDR - ok
16:13:26.0412 0x3088  RdpVideoMiniport - ok
16:13:26.0415 0x3088  rdyboost - ok
16:13:26.0418 0x3088  ReFS - ok
16:13:26.0421 0x3088  ReFSv1 - ok
16:13:26.0426 0x3088  RemoteAccess - ok
16:13:26.0429 0x3088  RemoteRegistry - ok
16:13:26.0432 0x3088  RetailDemo - ok
16:13:26.0434 0x3088  RmSvc - ok
16:13:26.0438 0x3088  RpcEptMapper - ok
16:13:26.0441 0x3088  RpcLocator - ok
16:13:26.0444 0x3088  RpcSs - ok
16:13:26.0447 0x3088  rspndr - ok
16:13:26.0453 0x3088  [ 38BC2EA9A3F77372AE1AE1A022AE1826, CCBCEC24535404FA8B7750F7A1F7DB5F422DC8EC77C6B877B1D2FBE283AE47E5 ] RTL2831UBDA     C:\WINDOWS\system32\drivers\RTL2831UBDA.sys
16:13:26.0463 0x3088  RTL2831UBDA - ok
16:13:26.0468 0x3088  [ 6D33D376247D88AD0CAAEC40AC2E44D0, 9773D77EABF549D0913EDC10EA6D6CE0BB8CA209721A3896672AF93F97A91665 ] RTL2831UUSB     C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys
16:13:26.0476 0x3088  RTL2831UUSB - ok
16:13:26.0481 0x3088  s3cap - ok
16:13:26.0484 0x3088  SamSs - ok
16:13:26.0487 0x3088  sbp2port - ok
16:13:26.0490 0x3088  SCardSvr - ok
16:13:26.0493 0x3088  ScDeviceEnum - ok
16:13:26.0497 0x3088  scfilter - ok
16:13:26.0500 0x3088  Schedule - ok
16:13:26.0503 0x3088  scmbus - ok
16:13:26.0505 0x3088  SCPolicySvc - ok
16:13:26.0508 0x3088  sdbus - ok
16:13:26.0512 0x3088  SDFRd - ok
16:13:26.0516 0x3088  SDRSVC - ok
16:13:26.0519 0x3088  sdstor - ok
16:13:26.0522 0x3088  seclogon - ok
16:13:26.0524 0x3088  SecurityHealthService - ok
16:13:26.0528 0x3088  SEMgrSvc - ok
16:13:26.0530 0x3088  SENS - ok
16:13:26.0534 0x3088  Sense - ok
16:13:26.0538 0x3088  SensorDataService - ok
16:13:26.0541 0x3088  SensorService - ok
16:13:26.0545 0x3088  SensrSvc - ok
16:13:26.0547 0x3088  SerCx - ok
16:13:26.0551 0x3088  SerCx2 - ok
16:13:26.0554 0x3088  Serenum - ok
16:13:26.0557 0x3088  Serial - ok
16:13:26.0562 0x3088  sermouse - ok
16:13:26.0565 0x3088  SessionEnv - ok
16:13:26.0568 0x3088  sfloppy - ok
16:13:26.0571 0x3088  SharedAccess - ok
16:13:26.0574 0x3088  ShellHWDetection - ok
16:13:26.0579 0x3088  shpamsvc - ok
16:13:26.0582 0x3088  SiSRaid2 - ok
16:13:26.0585 0x3088  SiSRaid4 - ok
16:13:26.0616 0x3088  [ E6DA1192D36D2D29FF8387917C2D70A6, 6F6AB7A2E45D7E05F5ED0B08B1ED9FFA03BDBFAF5E80F8B9E2C4D6CF6F74B851 ] SkypeUpdate     D:\Program Files (x86)\Skype\Updater\Updater.exe
16:13:26.0635 0x3088  SkypeUpdate - ok
16:13:26.0640 0x3088  smphost - ok
16:13:26.0644 0x3088  SmsRouter - ok
16:13:26.0649 0x3088  SNMPTRAP - ok
16:13:26.0652 0x3088  spaceport - ok
16:13:26.0655 0x3088  SpatialGraphFilter - ok
16:13:26.0659 0x3088  SpbCx - ok
16:13:26.0662 0x3088  spectrum - ok
16:13:26.0665 0x3088  Spooler - ok
16:13:26.0668 0x3088  sppsvc - ok
16:13:26.0671 0x3088  srv - ok
16:13:26.0673 0x3088  srv2 - ok
16:13:26.0676 0x3088  srvnet - ok
16:13:26.0680 0x3088  SSDPSRV - ok
16:13:26.0683 0x3088  SstpSvc - ok
16:13:26.0686 0x3088  StateRepository - ok
16:13:26.0715 0x3088  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:13:26.0748 0x3088  Steam Client Service - ok
16:13:26.0753 0x3088  stexstor - ok
16:13:26.0756 0x3088  stisvc - ok
16:13:26.0760 0x3088  storahci - ok
16:13:26.0763 0x3088  storflt - ok
16:13:26.0766 0x3088  stornvme - ok
16:13:26.0769 0x3088  storqosflt - ok
16:13:26.0771 0x3088  StorSvc - ok
16:13:26.0774 0x3088  storufs - ok
16:13:26.0778 0x3088  storvsc - ok
16:13:26.0781 0x3088  svsvc - ok
16:13:26.0784 0x3088  swenum - ok
16:13:26.0788 0x3088  swprv - ok
16:13:26.0790 0x3088  Synth3dVsc - ok
16:13:26.0793 0x3088  SysMain - ok
16:13:26.0797 0x3088  SystemEventsBroker - ok
16:13:26.0800 0x3088  TabletInputService - ok
16:13:26.0803 0x3088  TapiSrv - ok
16:13:26.0806 0x3088  Tcpip - ok
16:13:26.0809 0x3088  Tcpip6 - ok
16:13:26.0813 0x3088  tcpipreg - ok
16:13:26.0817 0x3088  tdx - ok
16:13:27.0019 0x3088  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
16:13:27.0159 0x3088  TeamViewer - ok
16:13:27.0169 0x3088  terminpt - ok
16:13:27.0172 0x3088  TermService - ok
16:13:27.0175 0x3088  Themes - ok
16:13:27.0179 0x3088  TieringEngineService - ok
16:13:27.0183 0x3088  tiledatamodelsvc - ok
16:13:27.0186 0x3088  TimeBrokerSvc - ok
16:13:27.0189 0x3088  TokenBroker - ok
16:13:27.0192 0x3088  TPM - ok
16:13:27.0195 0x3088  TrkWks - ok
16:13:27.0199 0x3088  TrustedInstaller - ok
16:13:27.0204 0x3088  TsUsbFlt - ok
16:13:27.0207 0x3088  TsUsbGD - ok
16:13:27.0210 0x3088  tsusbhub - ok
16:13:27.0214 0x3088  tunnel - ok
16:13:27.0220 0x3088  tzautoupdate - ok
16:13:27.0222 0x3088  UASPStor - ok
16:13:27.0225 0x3088  UcmCx0101 - ok
16:13:27.0228 0x3088  UcmTcpciCx0101 - ok
16:13:27.0231 0x3088  UcmUcsi - ok
16:13:27.0234 0x3088  Ucx01000 - ok
16:13:27.0238 0x3088  UdeCx - ok
16:13:27.0240 0x3088  udfs - ok
16:13:27.0243 0x3088  UEFI - ok
16:13:27.0246 0x3088  UevAgentDriver - ok
16:13:27.0249 0x3088  UevAgentService - ok
16:13:27.0252 0x3088  Ufx01000 - ok
16:13:27.0255 0x3088  UfxChipidea - ok
16:13:27.0258 0x3088  ufxsynopsys - ok
16:13:27.0264 0x3088  UI0Detect - ok
16:13:27.0267 0x3088  umbus - ok
16:13:27.0270 0x3088  UmPass - ok
16:13:27.0273 0x3088  UmRdpService - ok
16:13:27.0278 0x3088  UnistoreSvc - ok
16:13:27.0283 0x3088  upnphost - ok
16:13:27.0286 0x3088  UrsChipidea - ok
16:13:27.0290 0x3088  UrsCx01000 - ok
16:13:27.0294 0x3088  UrsSynopsys - ok
16:13:27.0297 0x3088  usbaudio - ok
16:13:27.0301 0x3088  usbccgp - ok
16:13:27.0304 0x3088  usbcir - ok
16:13:27.0307 0x3088  usbehci - ok
16:13:27.0309 0x3088  usbhub - ok
16:13:27.0313 0x3088  USBHUB3 - ok
16:13:27.0317 0x3088  usbohci - ok
16:13:27.0319 0x3088  usbprint - ok
16:13:27.0324 0x3088  [ 96B48485A7CC2C0A63C196A16403C5F3, 4E364DE1FE19D14D5BA4F4360563BB49F4DEC90430771C12376C0B1BB70CFD37 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:13:27.0338 0x3088  usbscan - ok
16:13:27.0342 0x3088  usbser - ok
16:13:27.0344 0x3088  USBSTOR - ok
16:13:27.0348 0x3088  usbuhci - ok
16:13:27.0352 0x3088  USBXHCI - ok
16:13:27.0356 0x3088  UserDataSvc - ok
16:13:27.0362 0x3088  UserManager - ok
16:13:27.0365 0x3088  UsoSvc - ok
16:13:27.0368 0x3088  VaultSvc - ok
16:13:27.0373 0x3088  [ 57BFF0ADE329BC2596F060A07D3AF2B9, CEC4CE14B8BB5DAB58F30399999703A4FFF601768890DB185D21C2C9EA3A5666 ] VBAudioVMVAIOMME C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys
16:13:27.0383 0x3088  VBAudioVMVAIOMME - ok
16:13:27.0387 0x3088  vdrvroot - ok
16:13:27.0390 0x3088  vds - ok
16:13:27.0394 0x3088  VerifierExt - ok
16:13:27.0397 0x3088  vhdmp - ok
16:13:27.0401 0x3088  vhf - ok
16:13:27.0418 0x3088  [ 20D3701C516BB42F81A22EB727B9E419, 08A8D12626A322790C6679554D49AE388E33316121226DE9FCA9C22C8F509C56 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
16:13:27.0438 0x3088  VIAHdAudAddService - ok
16:13:27.0444 0x3088  [ 097A1A16F9F38715CEAA092DE626F517, 5D51D74C3264ADEA1A50F6620150B284E54C5294A548D1BC940B3B5FF5343998 ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
16:13:27.0462 0x3088  VIAKaraokeService - ok
16:13:27.0466 0x3088  vmbus - ok
16:13:27.0468 0x3088  VMBusHID - ok
16:13:27.0471 0x3088  vmgid - ok
16:13:27.0474 0x3088  vmicguestinterface - ok
16:13:27.0478 0x3088  vmicheartbeat - ok
16:13:27.0482 0x3088  vmickvpexchange - ok
16:13:27.0485 0x3088  vmicrdv - ok
16:13:27.0488 0x3088  vmicshutdown - ok
16:13:27.0490 0x3088  vmictimesync - ok
16:13:27.0493 0x3088  vmicvmsession - ok
16:13:27.0496 0x3088  vmicvss - ok
16:13:27.0500 0x3088  volmgr - ok
16:13:27.0504 0x3088  volmgrx - ok
16:13:27.0506 0x3088  volsnap - ok
16:13:27.0510 0x3088  volume - ok
16:13:27.0513 0x3088  vpci - ok
16:13:27.0516 0x3088  vsmraid - ok
16:13:27.0520 0x3088  VSS - ok
16:13:27.0523 0x3088  VSTXRAID - ok
16:13:27.0526 0x3088  vwifibus - ok
16:13:27.0529 0x3088  vwififlt - ok
16:13:27.0532 0x3088  W32Time - ok
16:13:27.0535 0x3088  WacomPen - ok
16:13:27.0538 0x3088  WalletService - ok
16:13:27.0542 0x3088  wanarp - ok
16:13:27.0546 0x3088  wanarpv6 - ok
16:13:27.0549 0x3088  wbengine - ok
16:13:27.0552 0x3088  WbioSrvc - ok
16:13:27.0555 0x3088  wcifs - ok
16:13:27.0560 0x3088  Wcmsvc - ok
16:13:27.0563 0x3088  wcncsvc - ok
16:13:27.0566 0x3088  wcnfs - ok
16:13:27.0569 0x3088  WdBoot - ok
16:13:27.0573 0x3088  Wdf01000 - ok
16:13:27.0576 0x3088  WdFilter - ok
16:13:27.0580 0x3088  WdiServiceHost - ok
16:13:27.0583 0x3088  WdiSystemHost - ok
16:13:27.0586 0x3088  wdiwifi - ok
16:13:27.0589 0x3088  WdNisDrv - ok
16:13:27.0592 0x3088  WdNisSvc - ok
16:13:27.0596 0x3088  WebClient - ok
16:13:27.0600 0x3088  Wecsvc - ok
16:13:27.0603 0x3088  WEPHOSTSVC - ok
16:13:27.0607 0x3088  wercplsupport - ok
16:13:27.0610 0x3088  WerSvc - ok
16:13:27.0613 0x3088  WFDSConMgrSvc - ok
16:13:27.0616 0x3088  WFPLWFS - ok
16:13:27.0619 0x3088  WiaRpc - ok
16:13:27.0623 0x3088  WIMMount - ok
16:13:27.0625 0x3088  WinDefend - ok
16:13:27.0631 0x3088  WindowsTrustedRT - ok
16:13:27.0633 0x3088  WindowsTrustedRTProxy - ok
16:13:27.0637 0x3088  WinHttpAutoProxySvc - ok
16:13:27.0640 0x3088  WinMad - ok
16:13:27.0647 0x3088  Winmgmt - ok
16:13:27.0651 0x3088  WinNat - ok
16:13:27.0654 0x3088  WinRM - ok
16:13:27.0660 0x3088  WINUSB - ok
16:13:27.0663 0x3088  WinVerbs - ok
16:13:27.0666 0x3088  wisvc - ok
16:13:27.0669 0x3088  WlanSvc - ok
16:13:27.0672 0x3088  wlidsvc - ok
16:13:27.0676 0x3088  wlpasvc - ok
16:13:27.0678 0x3088  WmiAcpi - ok
16:13:27.0684 0x3088  wmiApSrv - ok
16:13:27.0687 0x3088  WMPNetworkSvc - ok
16:13:27.0694 0x3088  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
16:13:27.0710 0x3088  Wof - ok
16:13:27.0716 0x3088  workfolderssvc - ok
16:13:27.0720 0x3088  WPDBusEnum - ok
16:13:27.0723 0x3088  WpdUpFltr - ok
16:13:27.0726 0x3088  WpnService - ok
16:13:27.0730 0x3088  WpnUserService - ok
16:13:27.0735 0x3088  ws2ifsl - ok
16:13:27.0738 0x3088  wscsvc - ok
16:13:27.0741 0x3088  WSearch - ok
16:13:27.0746 0x3088  wuauserv - ok
16:13:27.0750 0x3088  WudfPf - ok
16:13:27.0752 0x3088  WUDFRd - ok
16:13:27.0756 0x3088  wudfsvc - ok
16:13:27.0760 0x3088  WUDFWpdFs - ok
16:13:27.0765 0x3088  WwanSvc - ok
16:13:27.0769 0x3088  xbgm - ok
16:13:27.0772 0x3088  XblAuthManager - ok
16:13:27.0775 0x3088  XblGameSave - ok
16:13:27.0779 0x3088  xboxgip - ok
16:13:27.0783 0x3088  XboxGipSvc - ok
16:13:27.0787 0x3088  XboxNetApiSvc - ok
16:13:27.0790 0x3088  xinputhid - ok
16:13:27.0835 0x3088  [ 322600D57876851514AE6DFE705EBF7C, 9AF962D9700B4103935A3A533515F7BA8B3EF66274B8CDE22CDC259A67AB599C ] XperiaCompanionService C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
16:13:27.0883 0x3088  XperiaCompanionService - ok
16:13:27.0886 0x3088  ================ Scan global ===============================
16:13:27.0895 0x3088  [ Global ] - ok
16:13:27.0895 0x3088  ================ Scan MBR ==================================
16:13:27.0897 0x3088  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:13:27.0947 0x3088  \Device\Harddisk0\DR0 - ok
16:13:27.0962 0x3088  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:13:28.0023 0x3088  \Device\Harddisk1\DR1 - ok
16:13:28.0027 0x3088  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
16:13:28.0132 0x3088  \Device\Harddisk2\DR2 - ok
16:13:28.0136 0x3088  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk3\DR3
16:13:30.0059 0x3088  \Device\Harddisk3\DR3 - ok
16:13:30.0059 0x3088  ================ Scan VBR ==================================
16:13:30.0061 0x3088  [ 161A07F9608647D652EE3BA63E691018 ] \Device\Harddisk0\DR0\Partition1
16:13:30.0062 0x3088  \Device\Harddisk0\DR0\Partition1 - ok
16:13:30.0064 0x3088  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
16:13:30.0065 0x3088  \Device\Harddisk0\DR0\Partition2 - ok
16:13:30.0067 0x3088  [ E12CB558778D141071425F22F399E7BA ] \Device\Harddisk0\DR0\Partition3
16:13:30.0068 0x3088  \Device\Harddisk0\DR0\Partition3 - ok
16:13:30.0071 0x3088  [ FCD394C36574A7D0C82D1582BF7F2ECD ] \Device\Harddisk0\DR0\Partition4
16:13:30.0073 0x3088  \Device\Harddisk0\DR0\Partition4 - ok
16:13:30.0096 0x3088  [ 7C7693CF0F248165AFCD537E21247F3A ] \Device\Harddisk1\DR1\Partition1
16:13:30.0098 0x3088  \Device\Harddisk1\DR1\Partition1 - ok
16:13:30.0100 0x3088  [ A89D815E09A00625A16E03F6BC4C42FB ] \Device\Harddisk2\DR2\Partition1
16:13:30.0102 0x3088  \Device\Harddisk2\DR2\Partition1 - ok
16:13:30.0105 0x3088  [ E9F11B7605797CF9B7C2D3D3E90E7E06 ] \Device\Harddisk3\DR3\Partition1
16:13:30.0107 0x3088  \Device\Harddisk3\DR3\Partition1 - ok
16:13:30.0108 0x3088  ================ Scan generic autorun ======================
16:13:30.0108 0x3088  SecurityHealth - ok
16:13:30.0191 0x3088  [ DB5598036532462FEAFE35A82FA6A225, CE12077EAC32A544C92C1FEB851C2B6C9B6D855944FE8A3CF618D57F5A7F119B ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
16:13:30.0282 0x3088  HDAudDeck - ok
16:13:30.0311 0x3088  [ 8DD6F98101EBBA3FC92C8092333A6B32, 80FE7E4433731614B92F8C0256EA5440508C535EBDA45188D1225BFEDA6F0F67 ] D:\Program Files\AVAST Software\Avast\AvLaunch.exe
16:13:30.0323 0x3088  AvastUI.exe - ok
16:13:30.0428 0x3088  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
16:13:30.0488 0x3088  Malwarebytes TrayApp - ok
16:13:30.0504 0x3088  [ 395CB6E8C67BFB1063AD86987909C184, 15F3BA6DF6D0C5C8FB9FF0AB661A5A652F26BAB7A0FB0DB47874069522400B16 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:13:30.0521 0x3088  SunJavaUpdateSched - ok
16:13:30.0541 0x3088  OneDriveSetup - ok
16:13:30.0543 0x3088  OneDriveSetup - ok
16:13:30.0574 0x3088  [ 00F30FDFDE3E276C1A731C2DF951D67E, 018E6933882FCC41EE96E198E6F7ECEFB53EC650B1044A58876B26EDE011158B ] C:\Users\axelk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
16:13:30.0611 0x3088  OneDrive - ok
16:13:30.0635 0x3088  [ 54C4D03796D44AA8A0BABE7B1B66DC30, C22DDD28A0F838E9025F9212339B4377D2A9269D781D64727ADD365A62773E83 ] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
16:13:30.0662 0x3088  Overwolf - ok
16:13:30.0900 0x3088  [ 4A4FF358B1ECCAEDBBDAEF293613CEC5, 0697FCBC726F2BC2573495CD878F9309235DB7289DD76FB9406233D01D546272 ] D:\Program Files\CCleaner\CCleaner64.exe
16:13:31.0074 0x3088  CCleaner Monitoring - ok
16:13:31.0185 0x3088  [ 0B4431D8286AB24483CEBA4503DCB6B1, 70D54CDDC8CBFAEB11CABF7A1DEA69CBE420EFCA96381E8753AD9326407875EE ] D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
16:13:31.0246 0x3088  World of Tanks - ok
16:13:31.0287 0x3088  [ 5F025EBD25CC30866AD7CC3301EFA329, 35ED27A0AB49EA85465F84D0E396F113CE22CD229C25286166C9B1F3222DC6D1 ] C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
16:13:31.0330 0x3088  XperiaCompanionAgent - ok
16:13:31.0373 0x3088  Skype - ok
16:13:31.0378 0x3088  AV detected via SS2: Avast Antivirus, D:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x41000 ( enabled : updated )
16:13:31.0379 0x3088  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.0 ), 0x60100 ( disabled : updated )
16:13:31.0381 0x3088  Win FW state via NFP2: enabled ( trusted )
16:13:31.0442 0x3088  ============================================================
16:13:31.0442 0x3088  Scan finished
16:13:31.0442 0x3088  ============================================================
16:13:31.0449 0x36e4  Detected object count: 0
16:13:31.0449 0x36e4  Actual detected object count: 0
         

08.06.2017, 22:53   #11
M-K-D-B
/// TB trainer
 
Please observe my instructions, in particular point 6.
__________________
Regards
M-K-D-B



08.06.2017, 23:20   #12
uxel
 
Do you need anything done again?

And was the problem the administrator or the subfolder?

09.06.2017, 15:59   #13
M-K-D-B
/// TB trainer
 
Quote:
Originally posted by uxel
(...) the subfolder?

That was it.

My instructions at the beginning are clear on this.
__________________
Regards
M-K-D-B



09.06.2017, 18:38   #14
uxel
 
I conclude from this that FRST and Addition should be run again.
Clear and concise instructions are, as a rule, always better than references to large blocks of boilerplate text. (A small remark on my part, don't take it personally.)

So here are the new logs:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
durchgeführt von axelk (Administrator) auf DESKTOP-NEE8C9I (09-06-2017 18:00:21)
Gestartet von C:\Users\axelk\Desktop
Geladene Profile: axelk (Verfügbare Profile: axelk)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(AVAST Software s.r.o.) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Wargaming.net) D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.104.211.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.211.0\OverwolfHelper.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.211.0\OverwolfHelper64.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1522.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\update_task.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2016-07-30] (VIA)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ACHTUNG
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-06-06] ()
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [World of Tanks] => D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-05-12]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicy: Beschränkung <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4beea3e3-899f-4d05-a6a5-2d83c6087d76}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-632498878-1310639711-2934333010-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 0ksa54iq.default-1493836180353
FF ProfilePath: C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 [2017-06-09]
FF Homepage: Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 -> about:home
FF Extension: (I don't care about cookies) - C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2017-05-03]
FF Extension: (Adblock Plus) - C:\Users\axelk\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @FortinetCacheClean -> D:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> D:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> D:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
R2 FA_Scheduler; D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [Datei ist nicht signiert]
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 IObitUnSvr; D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-30] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-06-06] (Overwolf LTD)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2016-07-30] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-04] (AVAST Software)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2016-10-05] (Sony Mobile Communications)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-05-06] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-09] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
S3 RTL2831UBDA; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-12] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-09 18:00 - 2017-06-09 18:00 - 00018918 _____ C:\Users\axelk\Desktop\FRST.txt
2017-06-09 10:07 - 2017-06-09 10:07 - 00000222 _____ C:\Users\axelk\Desktop\PAYDAY 2.url
2017-06-09 10:07 - 2017-06-09 10:07 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-08 16:10 - 2017-06-08 16:19 - 00167226 _____ C:\TDSSKiller.3.1.0.15_08.06.2017_16.10.31_log.txt
2017-06-08 16:09 - 2017-06-08 16:09 - 04922400 _____ (AO Kaspersky Lab) C:\Users\axelk\Desktop\tdsskiller(1).exe
2017-06-07 23:32 - 2017-06-07 23:32 - 00000000 ____D C:\Users\axelk\.TeamSpeak 3
2017-06-07 23:32 - 2017-06-07 23:32 - 00000000 ____D C:\Users\axelk\.QtWebEngineProcess
2017-06-06 22:44 - 2017-06-06 22:44 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-05 18:34 - 2017-06-05 18:34 - 00000000 ____D C:\Users\axelk\AppData\Roaming\SolidDocuments
2017-06-03 10:41 - 2017-06-03 10:41 - 00000794 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-02 17:38 - 2017-06-02 17:38 - 00000835 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-06-02 10:17 - 2017-06-02 10:21 - 00000000 ____D C:\Program Files (x86)\IObit
2017-06-02 10:17 - 2017-06-02 10:17 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-06-01 22:03 - 2017-06-01 22:20 - 00182046 _____ C:\TDSSKiller.3.1.0.15_01.06.2017_22.03.51_log.txt
2017-06-01 21:59 - 2017-06-08 16:06 - 02435072 _____ (Farbar) C:\Users\axelk\Desktop\FRST64.exe
2017-06-01 10:31 - 2017-06-01 10:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-01 10:31 - 2017-05-01 22:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-01 10:31 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-01 10:31 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-01 10:31 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-01 10:31 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-01 10:30 - 2017-05-19 18:07 - 00521816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-06-01 10:29 - 2017-06-01 10:31 - 00000000 ____D C:\WINDOWS\LastGood
2017-05-30 19:34 - 2017-06-09 18:00 - 00000000 ____D C:\FRST
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-30 10:14 - 2017-05-30 10:23 - 00000000 ____D C:\AdwCleaner
2017-05-29 12:43 - 2017-05-29 12:43 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-22 11:55 - 2017-05-22 11:55 - 00001236 _____ C:\Users\axelk\Desktop\Firefox.lnk
2017-05-19 18:05 - 2017-05-19 18:05 - 35397528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 28632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 00969624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-19 18:04 - 2017-05-19 18:04 - 00920664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01996696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01598360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 01062808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 00999832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-19 18:03 - 2017-05-19 18:03 - 00054680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 40210512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 35290192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 03800984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-19 18:02 - 2017-05-19 18:02 - 03256408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 11161992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 10648512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 09102480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 08891160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 00703880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-19 17:48 - 2017-05-19 17:48 - 00591672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 11129704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 09335520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-19 17:47 - 2017-05-19 17:47 - 03647864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-05-19 13:12 - 2017-06-09 08:15 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 13:12 - 2017-06-06 19:34 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 13:12 - 2017-06-02 21:50 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 13:12 - 2017-06-02 21:50 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 13:12 - 2017-06-02 21:50 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00000974 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 12:31 - 2017-05-19 12:31 - 00000000 ____D C:\Users\axelk\AppData\Local\Macromedia
2017-05-18 16:44 - 2017-05-19 12:43 - 00003475 _____ C:\Users\axelk\AppData\Roaming\go00001.bak
2017-05-18 13:56 - 2017-05-18 13:56 - 00000000 ____D C:\Users\axelk\AppData\Local\PeerDistRepub
2017-05-17 22:55 - 2017-05-17 22:55 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-17 22:55 - 2017-05-17 22:55 - 00000000 ____D C:\Program Files (x86)\Skype
2017-05-17 12:54 - 2017-06-09 17:58 - 00000000 ____D C:\Users\axelk\AppData\LocalLow\Mozilla
2017-05-17 11:29 - 2017-05-17 11:29 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Sun
2017-05-17 11:24 - 2017-06-09 09:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\axelk\AppData\Local\VirtualStore
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\axelk\AppData\Local\DBG
2017-05-16 12:58 - 2017-05-16 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
2017-05-12 14:50 - 2017-06-09 02:09 - 00004421 _____ C:\Users\axelk\AppData\Roaming\VoiceMeeterDefault.xml
2017-05-12 14:46 - 2017-05-12 14:46 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files\VB
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files (x86)\VB
2017-05-12 14:05 - 2017-05-12 14:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-12 14:05 - 2017-05-12 14:05 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-12 14:05 - 2017-05-12 14:05 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-12 14:04 - 2017-05-12 14:04 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-12 14:04 - 2017-05-12 14:04 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-12 14:04 - 2017-05-12 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-12 14:02 - 2017-05-12 13:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-12 14:01 - 2017-05-12 14:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-12 13:23 - 2017-05-12 13:23 - 00000020 ___SH C:\Users\axelk\ntuser.ini
2017-05-12 13:19 - 2017-06-09 08:19 - 03329016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-12 13:15 - 2017-06-09 08:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 13:15 - 2017-05-31 12:25 - 00004044 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469838226
2017-05-12 13:15 - 2017-05-12 13:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-12 13:15 - 2017-05-12 13:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00003332 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-12 13:15 - 2017-05-12 13:15 - 00002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-12 13:15 - 2017-05-12 13:15 - 00002668 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00002254 _____ C:\WINDOWS\System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12}
2017-05-12 13:15 - 2017-05-12 13:15 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-12 13:10 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-12 13:10 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-12 13:09 - 2017-06-09 02:10 - 00000000 ____D C:\Users\axelk
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Vorlagen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Startmenü
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Netzwerkumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Lokale Einstellungen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Eigene Dateien
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Druckumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Local\Verlauf
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\AppData\Local\Anwendungsdaten
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\axelk\Anwendungsdaten
2017-05-12 13:09 - 2017-05-01 22:51 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-12 13:09 - 2017-05-01 22:51 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-12 13:09 - 2017-04-25 23:11 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-12 13:08 - 2017-06-09 17:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-12 13:08 - 2017-06-09 01:00 - 00389544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-12 13:08 - 2017-06-01 10:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____D C:\Program Files\VIA
2017-05-11 18:06 - 2017-05-11 18:06 - 00001100 _____ C:\Users\axelk\Desktop\TWD Staffel 7 - Verknüpfung.lnk
2017-05-11 17:48 - 2017-05-17 11:23 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-11 01:10 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 15:25 - 2017-05-10 15:25 - 00000000 ____D C:\Users\axelk\AppData\Local\UNP
2017-05-10 11:24 - 2017-05-10 11:24 - 00001252 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-09 18:00 - 2016-07-30 23:50 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Skype
2017-06-09 10:11 - 2016-08-01 14:40 - 00000000 ____D C:\Users\axelk\AppData\Local\Steam
2017-06-09 09:01 - 2016-08-01 15:52 - 00000000 ____D C:\Users\axelk\AppData\Local\Overwolf
2017-06-09 08:19 - 2017-03-20 06:41 - 01608110 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-09 08:19 - 2017-03-20 06:41 - 00397172 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-09 02:10 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-09 02:09 - 2016-07-30 10:20 - 00000000 ____D C:\Users\axelk\AppData\Roaming\vlc
2017-06-09 01:01 - 2016-08-01 16:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-06-08 21:29 - 2016-07-30 00:25 - 00000000 ____D C:\Users\axelk\AppData\Local\Packages
2017-06-08 09:29 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-08 09:24 - 2016-07-30 00:31 - 00000000 ____D C:\Users\axelk\AppData\Local\MicrosoftEdge
2017-06-08 08:37 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-08 00:38 - 2016-08-01 15:54 - 00000000 ____D C:\Users\axelk\AppData\Roaming\TS3Client
2017-06-07 17:14 - 2016-08-01 04:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-07 17:13 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-07 17:13 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-02 10:21 - 2017-05-09 18:10 - 00000000 ____D C:\Users\axelk\AppData\LocalLow\IObit
2017-06-02 10:17 - 2017-05-09 18:10 - 00000000 ____D C:\Users\axelk\AppData\Roaming\IObit
2017-06-01 10:31 - 2014-04-09 23:47 - 00000000 ____D C:\temp
2017-05-31 16:43 - 2016-09-26 01:02 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-30 09:51 - 2016-07-30 10:49 - 00202476 _____ C:\WINDOWS\hpoins14.dat
2017-05-30 09:49 - 2015-10-30 09:24 - 00000127 _____ C:\WINDOWS\win.ini
2017-05-29 12:42 - 2016-07-30 00:25 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Adobe
2017-05-23 12:08 - 2016-07-31 00:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 12:06 - 2016-07-31 00:14 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-21 21:09 - 2016-07-30 00:27 - 00000000 ____D C:\Users\axelk\AppData\Local\Comms
2017-05-19 18:07 - 2017-03-20 06:43 - 00427608 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-05-19 18:03 - 2017-01-04 16:19 - 01609232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-05-19 18:03 - 2017-01-04 16:19 - 00226712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-05-19 17:47 - 2017-01-04 16:02 - 04136736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-19 15:14 - 2017-04-26 16:23 - 00000000 ____D C:\Insist
2017-05-19 14:22 - 2017-01-04 11:07 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-18 09:40 - 2017-03-30 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-18 09:40 - 2016-07-30 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-17 12:54 - 2016-07-30 00:32 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Mozilla
2017-05-17 11:26 - 2017-05-06 14:41 - 00000831 _____ C:\Users\Public\Desktop\freenet TV Player.lnk
2017-05-17 11:26 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-17 11:25 - 2017-05-06 14:41 - 00000000 ____D C:\Users\axelk\AppData\Roaming\freenet TV Player
2017-05-17 11:23 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\security
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-16 11:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-12 22:44 - 2016-07-30 02:21 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2017-05-12 14:07 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-12 13:25 - 2016-07-30 00:28 - 00002428 _____ C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-12 13:24 - 2016-09-30 09:57 - 00000000 ____D C:\Users\axelk\AppData\Local\ConnectedDevicesPlatform
2017-05-12 13:23 - 2016-04-27 07:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-12 13:18 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-12 13:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-12 13:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-12 13:15 - 2017-03-20 06:43 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-12 13:15 - 2016-09-30 09:54 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-12 13:13 - 2017-05-09 19:09 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-12 13:13 - 2016-08-01 16:00 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-05-12 13:13 - 2016-08-01 15:17 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-05-12 13:13 - 2016-08-01 03:10 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-05-12 13:13 - 2016-07-30 01:42 - 00000000 ____D C:\Users\axelk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-12 13:11 - 2016-07-30 00:21 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-12 13:10 - 2017-02-11 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-12 13:10 - 2016-07-30 02:08 - 00000000 ____D C:\Program Files\Intel
2017-05-12 13:10 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-12 13:09 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-11 18:06 - 2017-05-09 17:25 - 00016896 ___SH C:\Users\axelk\Desktop\Thumbs.db

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-05-18 16:44 - 2017-05-19 12:43 - 0003475 _____ () C:\Users\axelk\AppData\Roaming\go00001.bak
2017-05-12 14:50 - 2017-06-09 02:09 - 0004421 _____ () C:\Users\axelk\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-01 04:09 - 2016-08-01 04:09 - 0000042 _____ () C:\Users\axelk\AppData\Roaming\WB.CFG
2017-04-05 20:20 - 2017-04-05 20:20 - 0007602 _____ () C:\Users\axelk\AppData\Local\Resmon.ResmonCfg
2016-07-30 10:49 - 2017-05-30 09:51 - 0008122 _____ () C:\ProgramData\hpzinstall.log
2017-05-16 11:32 - 2017-05-16 12:58 - 0003475 _____ () C:\ProgramData\_MC000001.bak

Einige Dateien in TEMP:
====================
2017-06-08 09:29 - 2017-05-02 09:43 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\axelk\AppData\Local\Temp\HD-Common.dll
2017-06-08 09:29 - 2017-05-02 09:43 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\axelk\AppData\Local\Temp\HD-InstallerUtils.dll
2017-06-08 09:29 - 2017-05-02 09:40 - 0187416 _____ (BlueStack Systems) C:\Users\axelk\AppData\Local\Temp\HD-LibraryHandler.dll
2017-06-08 09:29 - 2017-05-02 09:39 - 0246808 _____ (BlueStack Systems) C:\Users\axelk\AppData\Local\Temp\HD-Logger-Native.dll
2017-06-08 09:29 - 2017-05-02 09:42 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\axelk\AppData\Local\Temp\HD-Uninstaller.exe
2017-06-03 10:40 - 2017-06-03 10:40 - 32100680 _____ () C:\Users\axelk\AppData\Local\Temp\vlc-2.2.6-win64.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-06-01 10:27

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
durchgeführt von axelk (09-06-2017 18:00:54)
Gestartet von C:\Users\axelk\Desktop
Windows 10 Pro Version 1703 (X64) (2017-05-12 11:18:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-632498878-1310639711-2934333010-500 - Administrator - Disabled)
axelk (S-1-5-21-632498878-1310639711-2934333010-1001 - Administrator - Enabled) => C:\Users\axelk
DefaultAccount (S-1-5-21-632498878-1310639711-2934333010-503 - Limited - Disabled)
Gast (S-1-5-21-632498878-1310639711-2934333010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-632498878-1310639711-2934333010-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F2100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F2100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FortiClient (HKLM\...\{C8080F10-F9D9-42C8-81AF-C6DB77E66BFD}) (Version: 5.4.3.0870 - Fortinet Inc)
freenet TV Player (HKLM-x32\...\{DF667F39-4FD4-4E40-9B09-BC335DC77F31}_is1) (Version: 1.1.0.8 - Media Broadcast)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.17 - IObit)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 de)) (Version: 53.0 - Mozilla)
Mozilla Firefox 53.0.2 (x86 de) (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 de)) (Version: 52.1.1 - Mozilla)
NAPS2 5.3.0 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.211.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.13.201609091558 - Sony Mobile Communications Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.2.1.0 - Manuel Hoefs (Zottel))
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.7.0.0 - Winaero)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (x32 Version: 1.4.7.0 - Sony) Hidden
Xperia Companion Service (Version: 1.4.7.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0918E41B-4ACE-47C9-B324-87B92369844D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {11366A5A-5391-4243-B53D-B7703B089700} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-04] (AVAST Software)
Task: {2262A505-C723-4B93-8C54-D54CFEF132B7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {3A93EF94-0E07-4AEB-B93A-23B6119E3ED3} - System32\Tasks\SafeZone scheduled Autoupdate 1469838226 => D:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {7CC7B710-7F65-4E9F-B3C5-51FE25349CF9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-06-06] (Overwolf LTD)
Task: {B4418451-ADAE-4B4A-ACF2-1156D8C0CAA9} - System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12} => pcalua.exe -a C:\Users\axelk\AppData\Roaming\AppTrailers\Uninstall.exe
Task: {C3848A7A-7D88-4349-9540-C75BDD395579} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {CEA438F3-0BE1-4ABB-BDC4-FC05E13A5342} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F9F9C01F-5782-4D86-86B6-D133AE3F6229} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-30 20:49 - 2016-08-02 22:56 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-30 02:07 - 2016-07-30 02:06 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-07-30 02:07 - 2016-07-30 02:06 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2017-05-19 20:17 - 2017-05-19 20:17 - 00069632 _____ () D:\Program Files\CCleaner\lang\lang-1031.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 08:37 - 2017-06-08 08:37 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 08:37 - 2017-06-08 08:37 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-08 11:18 - 2017-05-08 11:20 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-05-08 11:18 - 2017-05-08 11:20 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-05-08 11:18 - 2017-05-08 11:20 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 15:57 - 2017-05-05 16:01 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-07-30 01:06 - 2016-07-30 01:06 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 15:57 - 2017-05-05 16:01 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-06-07 09:53 - 2017-06-07 09:53 - 03982336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1522.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-23 15:34 - 2017-05-23 15:34 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1522.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-24 12:32 - 2017-05-24 12:32 - 13096136 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-04-22 15:12 - 2017-04-22 15:12 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-04-22 15:12 - 2017-04-22 15:12 - 15069696 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2017-03-29 17:14 - 2017-03-29 17:14 - 04123032 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-07-30 01:03 - 2016-07-30 01:03 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-05-24 12:32 - 2017-05-24 12:32 - 01726976 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-05-08 11:18 - 2017-05-08 11:20 - 00054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-05-09 18:10 - 2016-06-21 19:29 - 00210720 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-05-09 18:10 - 2016-06-21 19:30 - 00442144 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-05-09 18:10 - 2016-06-21 19:29 - 00059680 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-09-30 18:46 - 2016-09-30 18:45 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
2017-03-08 16:07 - 2017-03-08 16:07 - 00548882 _____ () D:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00170216 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00997896 _____ () D:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 67717632 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00176992 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00223224 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00291824 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-04 10:44 - 2017-05-04 10:44 - 00684656 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-06 10:21 - 2017-06-06 10:21 - 68886856 _____ () C:\Program Files (x86)\Overwolf\0.104.211.0\libcef.DLL
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () D:\Program Files (x86)\Skype\Phone\skypert.dll
2017-05-09 18:10 - 2016-05-23 21:49 - 00899872 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-05-09 18:10 - 2016-10-18 16:57 - 00631072 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2013-03-12 18:10 - 2017-05-17 03:54 - 00678176 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 01:36 - 2016-09-01 03:02 - 04969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2014-06-25 15:48 - 2017-06-08 07:42 - 02485536 _____ () D:\Program Files (x86)\Steam\video.dll
2015-01-20 01:36 - 2016-09-01 03:02 - 01195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2014-08-30 03:09 - 2016-01-27 09:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-20 01:36 - 2016-09-01 03:02 - 01563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2014-08-30 03:09 - 2016-01-27 09:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 03:09 - 2016-01-27 09:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 03:09 - 2016-01-27 09:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 03:09 - 2016-01-27 09:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2013-02-25 08:39 - 2017-06-08 07:42 - 00877856 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 22:42 - 2016-07-05 00:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2017-06-09 10:11 - 2017-05-08 21:45 - 69516064 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 10:11 - 2017-05-17 03:54 - 00678176 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2013-02-21 16:23 - 2017-06-08 07:42 - 00385312 _____ () D:\Program Files (x86)\Steam\steam.dll
2015-01-20 01:36 - 2015-09-25 01:52 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-03-18 23:03 - 2017-03-18 23:01 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\axelk\AppData\Local\Microsoft\Windows\Themes\1\DesktopBackground\berlin_skyline_2009.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4A1044FB-C58A-40EF-A6DC-81FF9EC14C71}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5A988B2-6ED0-4EFF-AA7A-93EE44BF0F03}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F3B4F35-A890-4D11-B2DB-C79065EABF6E}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{087BB19E-3A8E-405E-A256-206C3EB05166}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe
FirewallRules: [{808F1B9E-1405-427D-AC50-182FCAAD68A0}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{C5986C44-5331-41F8-8336-16FB57EDFBB6}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{5914DEED-5002-4C36-8E96-86334DD1C20C}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{260D5894-7067-4C9D-882A-847B45D867D0}] => (Allow) D:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{2CBAAD81-B029-480C-A5C7-01172CCDCD0F}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{4864C0AF-5F7F-43D0-972D-22A0C357D1D3}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{01EB7B1F-CF4C-4484-9508-63DA87D2D717}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{8299F97F-70E5-49CE-ABCC-AB4C1FAA915A}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B64CE02C-D895-4FBD-B104-7E7FF44BC014}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29904459-EC6F-4F55-826A-896B4728721E}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{594D49DF-82D5-4A40-8A36-84B3E2536945}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1134500B-B0DC-4E71-A92F-2B422A2975C0}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3AFDDE4E-018E-46CD-9B23-62D0418B05A4}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D70CF209-75E1-4654-BCFB-B6B07337C1D5}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{440102DB-0B8C-479C-91E3-62B26A3BF19A}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{49639792-4409-4E93-BF02-0EACF224E3D6}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AE2A7072-2712-4E07-8F9E-794E69D96E8F}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{822B3CAD-89E2-4100-9B9E-C4A7574BBA4A}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B40C7412-CDCB-4491-A4D5-EEB6760F4DCA}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F48E5C2F-9F05-4C88-969E-B16F52526C76}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{878C6AED-E2DC-4A69-A036-584A79D590EE}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C42D6441-A71A-4865-B846-F3527A7B9086}] => (Allow) D:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{092EC3B6-115D-4FFD-8138-7D1AD1FB3DFE}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{F6C4B94B-6EC3-42B0-B54A-6AAD97B613C5}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{A6570FB1-53DC-48D1-98B7-6B38B0E646BE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C41311E-9293-4F27-AF49-D74C831F9684}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FE00941-5BAE-49FE-8225-C9136F4845FC}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F0D7BEF3-512F-4270-A385-E50365B9758F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CE021A7-9DE1-403B-893E-E8C0D563A839}] => (Allow) D:\Program Files (x86)\World of Tanks\WoTLauncher.exe
FirewallRules: [{2E457069-E15D-4520-A5EC-92A516D5063D}] => (Allow) D:\Program Files (x86)\World of Tanks\WoTLauncher.exe
FirewallRules: [{AF1667C3-4B7E-4E9B-B8BF-FA87C840A386}] => (Allow) D:\Program Files (x86)\World of Tanks\worldoftanks.exe
FirewallRules: [{BE9215E9-DCB0-46DF-9F81-189E9A77D904}] => (Allow) D:\Program Files (x86)\World of Tanks\worldoftanks.exe
FirewallRules: [{0D99E469-504A-462C-94F5-E7DCF80F8B19}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B7E939F9-B3DC-4DE2-AA18-FC3A51CCC2B5}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{84F2C865-0465-4CFB-AC69-2C112EDAE3E1}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{604BAB7F-AC3B-4941-9861-532617021D85}] => (Allow) C:\Program Files (x86)\Baglook\Application\chrome.exe
FirewallRules: [{B38E82E2-C02A-4C0B-AF90-55E4D0E9E1C4}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{A13507CD-FC97-43AC-96B9-F4A940021A25}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{AAEB23ED-010A-445A-A664-54B81EE68B21}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{D4711B0A-E501-4AE0-8808-2E18947B77D8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{8BE9E02E-F3EB-4256-A469-6C7EE60FE3BD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{F68492F1-89A9-46F6-BD82-981A1374C26F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{18662886-2EFB-4CBC-B810-4422F5C2C62C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7A8C2EE-4E76-4969-8539-332AE9EF1C4D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Wiederherstellungspunkte =========================

29-05-2017 17:24:25 Installed EndNote X7
30-05-2017 10:32:32 JRT Pre-Junkware Removal
07-06-2017 09:43:59 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/09/2017 05:45:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/09/2017 09:01:16 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/09/2017 08:22:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (06/09/2017 08:21:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\GTAIV.exe".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/09/2017 08:21:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gta4Browser.exe".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/09/2017 08:21:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/09/2017 08:15:50 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/09/2017 08:15:26 AM) (Source: KMS-QAD) (EventID: 1001) (User: )
Description: Event-ID 1001

Error: (06/09/2017 01:07:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/09/2017 01:01:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007007B
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


Systemfehler:
=============
Error: (06/09/2017 05:45:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/09/2017 10:11:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (06/09/2017 10:11:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (06/09/2017 08:15:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "KMS-R@1n" wurde mit folgendem Fehler beendet: 
Das Endpunktformat ist unzulässig.

Error: (06/09/2017 08:15:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (06/09/2017 02:10:01 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEE8C9I)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/09/2017 02:10:00 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/09/2017 02:10:00 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/09/2017 02:09:58 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEE8C9I)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/09/2017 01:00:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "KMS-R@1n" wurde mit folgendem Fehler beendet: 
Das Endpunktformat ist unzulässig.


CodeIntegrity:
===================================
  Date: 2017-06-09 17:45:09.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.211.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.211.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.211.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.211.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.211.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:09.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.104.211.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-06-09 17:45:04.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8150.18 MB
Verfügbarer physikalischer RAM: 5590.16 MB
Summe virtueller Speicher: 9430.18 MB
Verfügbarer virtueller Speicher: 5308.24 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:116.72 GB) (Free:72.03 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:355.12 GB) NTFS
Drive g: (MAXTOR) (Fixed) (Total:465.76 GB) (Free:313.28 GB) NTFS
Drive h: (TREKSTOR) (Fixed) (Total:596.17 GB) (Free:17.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 117.4 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBCA1A5A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 1FCD3B71)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 596.2 GB) (Disk ID: 000C3041)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Kind regards,

uxel

PS: May I install Office again with a legal license? (Cf. note 4)

Edited by uxel (09.06.2017 at 18:51)

10.06.2017, 14:21   #15
M-K-D-B
/// TB trainer



Hi,

You can reinstall Office after the following steps.

Reading material:
Warning about vlc.de

The log files show that you mistakenly downloaded the well-known VLC Player from vlc.de.
On that site the VLC Player is only offered bundled with unwanted software such as "Startfenster", "VLC Updater" or "GoodGame".
This software can manipulate the start pages of your web browsers and has no use or added value whatsoever.

In your own interest, I urge you to download the VLC Player only from the official homepage videolan.org from now on.







Step 1
  • Copy the contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    GroupPolicy: Beschränkung <======= ACHTUNG
    CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ACHTUNG
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-25]
    S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
    C:\Windows\KMS-R@1n.exe
    Task: {0918E41B-4ACE-47C9-B324-87B92369844D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
    Task: {B4418451-ADAE-4B4A-ACF2-1156D8C0CAA9} - System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12} => pcalua.exe -a C:\Users\axelk\AppData\Roaming\AppTrailers\Uninstall.exe
    C:\Users\axelk\AppData\Roaming\AppTrailers
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    End::
             
  • Now start FRST and click the Fix button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt with your next reply.





Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Image File Execution Options keys
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
    • Firewall
    • Internet Explorer policies
    • Chrome policies
  • Confirm the selection with Ok.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says nothing was found) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).





Step 3
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • After the restart, start MBAM and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Choose Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.





Step 4
  • Start FRST again. Make sure the box in front of Addition.txt is checked and press Scan.
  • FRST now creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






With your next reply, please post
  • the log file of the FRST fix,
  • the log file from AdwCleaner,
  • the log file from MBAM,
  • the two new log files from FRST.
__________________
Regards
M-K-D-B
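A check for the new Addition.txt requested in step 4, as an added example that is not part of the original post and not part of FRST: it lists firewall allow rules whose target is a file or folder the step 1 fixlist deletes. The two sample texts are excerpts of the log and fixlist on this page; the function names are made up for this example.

```python
import re
from collections import namedtuple

# Excerpt of the "Firewall Regeln" section of the Addition.txt posted on this page.
ADDITION_EXCERPT = r"""
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

FirewallRules: [{C42D6441-A71A-4865-B846-F3527A7B9086}] => (Allow) D:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{092EC3B6-115D-4FFD-8138-7D1AD1FB3DFE}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{F6C4B94B-6EC3-42B0-B54A-6AAD97B613C5}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{A6570FB1-53DC-48D1-98B7-6B38B0E646BE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
"""

# Excerpt of the fixlist from step 1 on this page.
FIXLIST_EXCERPT = r"""
Start::
CloseProcesses:
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
C:\Windows\KMS-R@1n.exe
C:\Users\axelk\AppData\Roaming\AppTrailers
RemoveProxy:
CMD: netsh winsock reset
EmptyTemp:
End::
"""

FirewallRule = namedtuple("FirewallRule", "name action path")

# "FirewallRules: [<rule name>] => (<action>) <program path>"
RULE_RE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>\w+)\) (?P<path>.+)$")
# A fixlist line that consists only of a path (drive letter, colon, backslash, ...).
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")


def parse_firewall_rules(addition_text):
    """Return every FirewallRules entry found in an Addition.txt text."""
    rules = []
    for raw in addition_text.splitlines():
        m = RULE_RE.match(raw.strip())
        if m:
            rules.append(FirewallRule(m["name"], m["action"], m["path"].strip()))
    return rules


def fixlist_delete_paths(fixlist_text):
    """Return the bare file/folder paths listed between Start:: and End::."""
    paths, active = [], False
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if line == "Start::":
            active = True
        elif line == "End::":
            break
        elif active and BARE_PATH_RE.match(line):
            paths.append(line)
    return paths


def covers(fix_path, target):
    """True if target is fix_path itself or lies below it (case-insensitive)."""
    f = fix_path.strip().rstrip("\\").lower()
    t = target.strip().lower()
    return t == f or t.startswith(f + "\\")


def leftover_allow_rules(addition_text, fixlist_text):
    """Allow rules that point at something the fixlist removes from disk."""
    doomed = fixlist_delete_paths(fixlist_text)
    return [
        rule
        for rule in parse_firewall_rules(addition_text)
        if rule.action.lower() == "allow"
        and any(covers(p, rule.path) for p in doomed)
    ]


if __name__ == "__main__":
    for rule in leftover_allow_rules(ADDITION_EXCERPT, FIXLIST_EXCERPT):
        print(f"allow rule {rule.name} still references {rule.path}")
```

Run against the Addition.txt produced after step 4, an empty result means no allow rule in that log still points at a path the fixlist deleted.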

