Pests of all kinds and how to combat them: Mozilla acts on its own (Windows 7)
11.07.2017, 10:30 | #1 | |
| Mozilla acts on its own
Hello, for days my browser has been going crazy. No matter what I click, advertising pages open. I found this thread http://www.trojaner-board.de/137905-...s-werbung.html and carried out all the steps as described. I know every problem is different, but for years I was not registered on your forum, yet I have always found all the solutions to my PC problems here. I just wanted to post the results now and read your opinion on them.
AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 11/07/2017 um 10:52:51 # Aktualisiert am 19/05/2017 von Malwarebytes # Datenbank : 2017-07-10.1 [Lokal] # Betriebssystem : Windows 7 Professional Service Pack 1 (X64) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Desktop\AdwCleaner_6.047.exe # Modus: Löschen # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht: C:\Users\User\AppData\Local\Essentware [-] Ordner gelöscht: C:\Users\User\AppData\Roaming\Gameo [-] Ordner gelöscht: C:\Program Files\Essentware [-] Ordner gelöscht: C:\ProgramData\Essentware [#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Essentware [-] Ordner gelöscht: C:\Users\Public\Documents\Guid [-] Ordner gelöscht: C:\Program Files (x86)\Chip Digital GmbH [-] Ordner gelöscht: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService [-] Ordner gelöscht: C:\Windows\SysWOW64\SSL [-] Ordner gelöscht: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\extensions\amcontextmenu@loucypher ***** [ Dateien ] ***** [-] Datei gelöscht: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url [-] Datei gelöscht: C:\Windows\SysNative\LavasoftTcpService64.dll [-] Datei gelöscht: C:\Windows\SysNative\LavasoftTcpServiceOff.ini [-] Datei gelöscht: C:\Windows\SysWOW64\lavasofttcpservice.dll [-] Datei gelöscht: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini [-] Datei gelöscht: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\extensions\378507@extcorp.net.xpi ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** [-] Aufgabe gelöscht: Microsoft\Windows\Windows Error Reporting\ErrorReporting ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [-] Schlüssel gelöscht: 
HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [#] Schlüssel mit Neustart gelöscht: [x64] 
HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} [-] Schlüssel gelöscht: 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Essentware [-] Schlüssel gelöscht: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\MICROSOFT\wewewe [-] Schlüssel gelöscht: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\VideoBox [-] Schlüssel gelöscht: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\AppDataLow\Software\AppTrailers [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Essentware [#] Schlüssel mit Neustart gelöscht: HKCU\Software\MICROSOFT\wewewe [#] Schlüssel mit Neustart gelöscht: HKCU\Software\VideoBox [#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Software\AppTrailers [-] Schlüssel gelöscht: HKLM\SOFTWARE\Lavasoft\Web Companion [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Essentware [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\MICROSOFT\wewewe [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\VideoBox [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Software\AppTrailers [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Essentware [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\DMunversion [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\PCKeeperLive [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com [-] Schlüssel gelöscht: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe [-] Wert gelöscht: 
HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] ***** [ Browser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [9765 Bytes] - [11/07/2017 10:52:51] C:\AdwCleaner\AdwCleaner[R0].txt - [3222 Bytes] - [15/01/2015 01:34:28] C:\AdwCleaner\AdwCleaner[R1].txt - [3282 Bytes] - [15/01/2015 01:39:29] C:\AdwCleaner\AdwCleaner[R2].txt - [1023 Bytes] - [15/01/2015 01:42:55] C:\AdwCleaner\AdwCleaner[S0].txt - [3328 Bytes] - [15/01/2015 01:40:49] 
C:\AdwCleaner\AdwCleaner[S1].txt - [9471 Bytes] - [11/07/2017 10:48:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [9543 Bytes] - [11/07/2017 10:51:38]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10276 Bytes] ##########

DDS: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.18698 BrowserJavaVersion: 11.101.2 Run by User at 10:57:16 on 2017-07-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.6153 [GMT 2:00] . AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F} SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Windows\System32\svchost.exe -k utcsvc C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe C:\Windows\system32\msiexec.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\DAODx.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc 
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Windows\TEMP\gBA69.tmp.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\TEMP\g5772.tmp.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxps://www.google.de/ BHO: PDF Architect 3 Helper: {06E08260-0695-4EC1-A74B-1310D8899D93} - LocalServer32 - <no file> BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll TB: PDF Architect 3 Toolbar: {2DFF3579-5AA7-45B9-9328-1D38EA230861} - LocalServer32 - <no file> mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 uPolicies-Explorer: NoDrives = dword:65536 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll Trusted Zone: localhost TCP: NameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{6C4BD96B-A427-4D85-884C-39D2AB9856B3} : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{D3BE78AE-491A-4EB0-9B35-2AA566EFA4D5} : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{DC4E859E-275F-455F-B61D-4ECFB9081F0F} : DHCPNameServer = 192.168.2.1 192.168.2.1 SSODL: WebCheck - <orphaned> x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll x64-BHO: Java(tm) Plug-In 
2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [VIAxHCUtl] C:\Program Files\VIA XHCI UASP Utility\usb3Monitor x64-RunOnce: [USER-PC] C:\Windows\Temp\gB1A2.tmp.exe x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level Hosts: 127.0.0.1 gf.tools.avast.com Hosts: 127.0.0.1 pair.ff.avast.com Hosts: 127.0.0.1 ipm-provider.ff.avast.com Hosts: 127.0.0.1 ipm-provider.ff.avast.com Hosts: 127.0.0.1 ipm-provider.ff.avast.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.blocklist.detailsURL - FF - user.js: extensions.blocklist.enabled - false FF - user.js: extensions.blocklist.interval - 86400 FF - user.js: extensions.blocklist.itemURL - FF - user.js: extensions.blocklist.url - ============= SERVICES / DRIVERS =============== . R0 avdevprot;avdevprot;C:\Windows\System32\drivers\avdevprot.sys [2017-6-14 64504] R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-11-18 35328] R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-11-18 490968] R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-11-18 490968] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-9-27 52896] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-11-18 185032] R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2017-6-8 356256] R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-11-18 78600] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496] R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136] R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-9-15 1165368] R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-9-15 1881144] R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-9-15 2522680] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-11 411968] R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-7-19 10351856] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-27 31080] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-2-6 25816] R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-9-15 28216] R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-9-15 3634232] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-11-13 56384] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-26 769168] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104] R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2016-7-19 35112] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-11-26 58536] S2 AntiVirMailService;Avira Email-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-4-1 1128432] S2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-11-18 1524216] S2 chip1click;chip 1-click download service;"C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe" --> C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064] S2 MBAMService;MBAMService;C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [2016-2-6 1135416] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-4-5 317400] S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-11-26 106816] S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-5-28 227648] S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-12-10 126952] S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-12-10 389608] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-27 38248] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-9-27 55336] S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-12-10 1847296] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-11-20 96256] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-27 301680] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-27 156520] S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-27 278640] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-5 131712] S3 IEEtwCollectorService;Internet 
Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-6-14 116224] S3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\l1c51x64.sys [2013-11-27 104600] S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-2-6 63704] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760] S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2013-11-20 230280] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-5 165504] S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-15 59392] S3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2013-11-20 225792] S3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2013-11-20 296960] . =============== Created Last 30 ================ . 
2017-07-11 07:23:51 -------- d-----w- C:\Windows\pss
2017-07-09 19:22:43 -------- d-----w- C:\Windows.old
2017-07-09 18:27:56 -------- dc----w- C:\Program Files (x86)\BestCleanerW
2017-07-09 18:26:53 -------- d-----w- C:\ProgramData\WindowsErrorReporting
2017-07-07 07:14:50 525312 ----a-w- C:\Windows\a4d6805b664cde1f9bb2b86f4effdfd7.exe
2017-07-07 01:50:26 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FC16A10-9BEA-46C6-8E68-9CB07A52D5DB}\mpengine.dll
2017-06-14 15:26:58 117248 ----a-w- C:\Windows\System32\drivers\tdx.sys
2017-06-14 14:53:14 64504 ----a-w- C:\Windows\System32\drivers\avdevprot.sys
.
==================== Find3M ====================
.
2017-06-16 17:30:08 803328 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-06-16 17:30:08 144896 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-06-14 14:50:24 34128 ----a-w- C:\Windows\System32\drivers\avusbflt.sys
2017-06-14 14:50:24 185032 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2017-04-17 01:27:45 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2016-09-29 19:50:20 626688 -c--a-w- C:\Program Files (x86)\openoffice413.msi
2016-09-29 19:50:20 478720 -c--a-w- C:\Program Files (x86)\setup.exe
.
============= FINISH: 10:59:57,60 ===============
|
12.07.2017, 13:23 | #2 |
/// TB-Ausbilder | Mozilla acts on its own
My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and quick as possible, I ask you to observe the following notes:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation!
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2
Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
|
13.07.2017, 12:12 | #3 |
| Mozilla acts on its own
Hello, here are the results
FRST.txt FRST Logfile: Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
durchgeführt von User (Administrator) auf USER-PC (13-07-2017 12:49:39)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\Temp\gBA69.tmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Windows\DAODx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Metin2) C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\Leya2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{6C4BD96B-A427-4D85-884C-39D2AB9856B3}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D3BE78AE-491A-4EB0-9B35-2AA566EFA4D5}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{DC4E859E-275F-455F-B61D-4ECFB9081F0F}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131443818593567354&GUID=AF74E006-E462-9E9B-F1B1-6ED446CD6A78
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-16] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-16] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869 [2017-07-13]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\user.js [2017-06-29]
FF Homepage: Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869 -> hxxps://www.google.de/
FF Session Restore: Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869 -> ist aktiviert.
FF Extension: (MEGA) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\firefox@mega.co.nz.xpi [2017-07-12]
FF Extension: (PAYBACK Internet Assistent) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\toolbar-ff@payback.de-sh.xpi [2017-07-07]
FF Extension: (Save Button for Pinterest) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2017-06-19]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-07]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-07]
CHR Extension: (Chrome IG Story) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-05-07]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-07]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-07-10]
CHR Extension: (Tables) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Tools for Instagram™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnadcdfjbjgojiilfdebbpiepokangj [2017-05-07]
CHR Extension: (Fair AdBlocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Fast search) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-07-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-07-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [Datei ist nicht signiert]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 chip1click; "C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [104600 2012-11-19] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-13 12:49 - 2017-07-13 12:50 - 00017369 _____ C:\Users\User\Desktop\FRST.txt 2017-07-13 12:49 - 2017-07-13 12:49 - 00000000 ____D C:\FRST 2017-07-13 12:48 - 2017-07-13 12:49 - 02435584 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2017-07-13 12:47 - 2017-07-13 12:47 - 01780224 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2017-07-12 08:47 - 2017-07-13 03:05 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2017-07-12 08:47 - 2017-07-13 03:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-07-12 08:47 - 2017-07-13 03:05 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-07-12 08:40 - 2017-07-13 03:04 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-07-12 08:40 - 2017-07-13 03:04 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-07-12 08:40 - 2017-07-13 03:04 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-07-12 08:39 - 
2017-07-13 03:04 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-07-12 08:39 - 2017-07-13 03:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-07-12 08:39 - 2017-07-13 03:04 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-07-12 08:39 - 2017-07-13 03:04 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-07-12 08:39 - 2017-07-13 03:04 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 
01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 
00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00476160 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx 2017-07-12 08:39 - 2017-07-13 03:04 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-07-12 08:39 - 2017-07-13 03:04 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx 2017-07-12 08:39 - 2017-07-13 03:04 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-07-12 08:39 - 2017-07-13 03:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00315392 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtrans.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-07-12 08:39 - 2017-07-13 03:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00197120 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mssphtb.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00123904 _____ (Microsoft 
Corporation) C:\Windows\system32\bcrypt.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-07-12 08:39 - 2017-07-13 03:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-07-12 08:39 - 2017-07-13 03:04 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00082944 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\bcrypt.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-07-12 08:39 - 2017-07-13 03:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00047616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-07-12 08:39 - 2017-07-13 03:04 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-07-12 08:39 - 2017-07-13 03:04 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\tzres.dll
2017-07-12 08:39 - 2017-07-06 06:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-11 13:00 - 2017-07-11 13:00 - 00000218 _____ C:\Users\User\AppData\Local\recently-used.xbel
2017-07-11 11:00 - 2017-07-11 11:00 - 00020538 _____ C:\Users\User\Desktop\attach.txt
2017-07-11 11:00 - 2017-07-11 10:59 - 00016150 _____ C:\Users\User\Desktop\dds.txt
2017-07-11 10:49 - 2017-07-11 10:50 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.exe
2017-07-11 10:43 - 2017-07-11 10:43 - 04110280 _____ C:\Users\User\Desktop\AdwCleaner_6.047.exe
2017-07-11 09:23 - 2017-07-11 09:23 - 00000000 ____D C:\Windows\pss
2017-07-11 08:57 - 2017-07-11 08:57 - 01708384 _____ (Essentware) C:\Users\User\Downloads\PCKeeper Installer.exe
2017-07-11 08:50 - 2017-07-11 09:25 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-07-11 08:33 - 2017-07-11 08:33 - 00058016 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-10 22:11 - 2017-07-13 03:30 - 00268536 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-10 20:27 - 2017-07-13 12:41 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-07-10 16:29 - 2017-07-10 16:29 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-10 16:29 - 2017-07-10 16:29 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-10 16:19 - 2017-07-10 16:21 - 44887856 _____ C:\Users\User\Downloads\Firefox Setup 54.0.exe
2017-07-09 21:22 - 2017-07-13 06:26 - 00000000 ____D C:\Windows.old
2017-07-09 20:31 - 2017-07-09 20:31 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-09 20:29 - 2017-07-13 12:50 - 00016754 _____ C:\Windows\System32\Tasks\Pingpes Backdooks D-Jur
2017-07-09 20:27 - 2017-07-09 20:46 - 00000000 ___DC C:\Program Files (x86)\BestCleanerW
2017-07-09 20:26 - 2017-07-10 20:27 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-09 20:26 - 2017-07-09 20:46 - 00003156 _____ C:\Windows\System32\Tasks\3e90bb1c6f886d4faf5a00d311015ade
2017-07-07 09:14 - 2017-07-07 09:14 - 00525312 _____ C:\Windows\a4d6805b664cde1f9bb2b86f4effdfd7.exe
2017-07-07 09:14 - 2017-07-07 09:14 - 00051621 _____ C:\Windows\uninstaller.dat
2017-07-01 17:57 - 2017-07-01 17:57 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-07-01 17:57 - 2017-07-01 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-25 16:53 - 2017-06-25 16:53 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\User\Downloads\DiscordSetup.exe
2017-06-24 12:35 - 2017-06-24 12:37 - 34831833 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E11.Kassette.6.Seite.A.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part
2017-06-24 12:34 - 2017-06-24 12:47 - 22560217 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E05.Kassette.3.Seite.A.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part
2017-06-24 12:34 - 2017-06-24 12:37 - 71286233 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E10.Kassette.5.Seite.B.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part
2017-06-24 12:32 - 2017-06-24 12:43 - 69074386 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E08.Kassette.4.Seite.B.REPACK.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part
2017-06-18 00:54 - 2017-06-19 19:40 - 00000000 ____D C:\Users\User\AppData\LocalLow\BitTorrent
2017-06-14 17:27 - 2017-06-15 03:02 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 17:27 - 2017-06-15 03:02 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 17:27 - 2017-06-15 03:02 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 17:27 - 2017-06-15 03:02 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-14 17:27 - 2017-06-15 03:02 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-14 17:27 - 2017-06-15 03:02 - 03945704 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2017-06-14 17:27 - 2017-06-15 03:02 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-06-14 17:27 - 2017-06-15 03:02 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-06-14 17:27 - 2017-06-15 03:02 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2017-06-14 17:27 - 2017-06-15 03:02 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-14 17:27 - 2017-06-15 03:02 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-06-14 17:27 - 2017-06-15 03:02 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2017-06-14 17:27 - 2017-06-15 03:02 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00709120 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapi.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-06-14 17:26 - 2017-06-15 03:02 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-06-14 17:26 - 2017-06-15 03:02 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 
2017-06-14 17:26 - 2017-06-15 03:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-06-14 17:26 - 2017-06-15 03:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2017-06-14 17:26 - 2017-06-15 03:02 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-06-14 17:26 - 2017-06-15 03:02 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 
2017-06-14 17:26 - 2017-06-15 03:02 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00014336 _____ 
(Microsoft Corporation) C:\Windows\system32\dciman32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2017-06-14 17:26 - 2017-06-15 03:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 17:26 - 2017-06-15 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-14 17:26 - 2017-06-15 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-14 16:53 - 2017-06-14 16:50 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-13 12:28 - 2017-04-14 21:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2017-07-13 10:13 - 2014-11-17 20:28 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{750A8533-2060-42A5-8FEC-823ADDDF5A6A}
2017-07-13 06:33 - 2013-07-15 13:29 - 00000000 ____D C:\Windows\system32\MRT
2017-07-13 03:55 - 2009-07-14 06:45 - 00033776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-13 03:55 - 2009-07-14 06:45 - 00033776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-13 03:30 - 2013-11-28 03:14 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-13 03:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-13 03:26 - 2014-12-10 18:48 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-13 03:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-13 03:10 - 2015-02-24 16:33 - 00001050 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-13 03:10 - 2012-04-22 04:16 - 00001050 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-13 03:05 - 2013-07-14 17:33 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 22:44 - 2014-11-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-12 09:30 - 2014-11-17 21:50 - 00803328 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 09:30 - 2014-11-17 21:50 - 00144896 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 09:30 - 2014-11-17 21:50 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 09:30 - 2014-11-17 21:50 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-07-12 09:30 - 2014-11-17 21:50 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-11 23:58 - 2015-01-06 14:47 - 00000000 ___DC C:\Program Files (x86)\Steam
2017-07-11 23:52 - 2016-08-02 23:30 - 00000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
2017-07-11 23:49 - 2017-04-14 21:24 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2017-07-11 20:45 - 2013-11-26 13:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-11 14:07 - 2014-11-19 13:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-07-11 12:34 - 2017-04-11 08:58 - 00000000 ____D C:\Users\User\AppData\Roaming\inkscape
2017-07-11 10:52 - 2015-01-15 01:34 - 00000000 ____D C:\AdwCleaner
2017-07-11 09:25 - 2014-11-17 21:52 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-11 08:33 - 2013-11-28 03:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-11 08:31 - 2011-06-26 22:08 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2017-07-10 20:45 - 2017-01-07 21:24 - 00000000 ____D C:\Users\User\Desktop\Vicky
2017-07-10 16:19 - 2017-04-23 03:33 - 00000000 ____D C:\ProgramData\VMware
2017-07-10 15:21 - 2014-12-02 15:08 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2017-07-10 15:19 - 2017-01-26 14:37 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2017-07-09 23:17 - 2009-07-14 19:58 - 17276452 _____ C:\Windows\system32\perfh007.dat
2017-07-09 23:17 - 2009-07-14 19:58 - 05387018 _____ C:\Windows\system32\perfc007.dat
2017-07-09 23:17 - 2009-07-14 07:13 - 00006810 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-09 20:36 - 2017-05-07 19:14 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-09 20:36 - 2017-05-07 19:14 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-09 20:05 - 2015-04-07 11:56 - 00000000 ____D C:\Users\User\Downloads\Games
2017-07-05 17:27 - 2015-06-22 20:39 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2017-07-05 17:15 - 2016-10-01 17:26 - 00000000 ____D C:\Users\User\Downloads\EMAG
2017-07-01 17:57 - 2015-12-12 21:51 - 00000000 __RDC C:\Program Files (x86)\Skype
2017-07-01 17:57 - 2015-02-21 19:31 - 00000000 ___DC C:\Program Files (x86)\TeamSpeak 3 Client
2017-07-01 17:57 - 2014-11-19 13:20 - 00000000 ____D C:\ProgramData\Skype
2017-07-01 10:22 - 2017-03-26 09:23 - 00002171 _____ C:\Users\User\Desktop\WhatsApp.lnk
2017-07-01 10:22 - 2017-03-26 09:22 - 00000000 ____D C:\Users\User\AppData\Local\WhatsApp
2017-07-01 10:22 - 2016-08-02 23:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-07-01 03:06 - 2015-02-24 16:33 - 00000000 ____D C:\Users\Gast
2017-06-29 15:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-06-24 12:30 - 2017-01-26 14:37 - 00000000 ____D C:\Users\User\Downloads\Torrent
2017-06-15 04:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-15 03:22 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\migwiz
2017-06-15 03:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-14 17:45 - 2014-11-19 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-06-14 16:50 - 2016-10-05 20:14 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-14 16:50 - 2014-11-18 22:54 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-14 16:50 - 2014-11-18 22:54 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-29 21:50 - 2016-09-29 21:50 - 19447608 ____C () C:\Program Files (x86)\openoffice1.cab
2016-09-29 21:50 - 2016-09-29 21:50 - 0626688 ____C () C:\Program Files (x86)\openoffice413.msi
2016-09-29 21:50 - 2016-09-29 21:50 - 0478720 ____C () C:\Program Files (x86)\setup.exe
2016-09-29 21:50 - 2016-09-29 21:50 - 0000291 ____C () C:\Program Files (x86)\setup.ini
2015-06-22 00:28 - 2015-06-22 14:23 - 0000124 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2015-06-22 00:28 - 2015-06-22 14:23 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2015-06-22 00:28 - 2015-06-22 14:23 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2015-06-22 00:28 - 2015-06-22 14:23 - 0004537 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2015-06-22 00:29 - 2015-06-22 13:50 - 0000000 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.Data.ini
2015-06-22 00:29 - 2015-06-22 13:50 - 0001206 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.ini
2015-03-15 23:48 - 2015-03-15 22:06 - 0360448 _____ () C:\Users\User\AppData\Roaming\cert8.db
2015-03-15 23:48 - 2015-03-15 22:06 - 0016384 _____ () C:\Users\User\AppData\Roaming\key3.db
2015-03-15 23:48 - 2014-11-17 21:29 - 0294912 _____ () C:\Users\User\AppData\Roaming\signons.sqlite
2016-11-25 17:30 - 2017-02-23 23:46 - 0011776 ___SH () C:\Users\User\AppData\Roaming\Thumbs.db
2015-01-25 12:22 - 2015-01-25 12:22 - 0096645 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2015-06-22 00:27 - 2015-06-22 14:19 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
2015-03-15 23:49 - 2015-03-24 15:28 - 0000004 _____ () C:\Users\User\AppData\Local\checkings.aad
2015-06-22 00:15 - 2015-06-22 00:15 - 0001429 _____ () C:\Users\User\AppData\Local\RecConfig.xml
2017-07-11 13:00 - 2017-07-11 13:00 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2016-10-08 19:40 - 2016-10-25 22:56 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-03-15 23:48 - 2015-03-15 23:48 - 0000000 _____ () C:\Users\User\AppData\Local\WindowsLive24.cfg
2017-07-09 20:31 - 2017-07-09 20:31 - 0000004 _____ () C:\ProgramData\_lg.3sap

Einige Dateien in TEMP:
====================
2015-02-24 16:34 - 2015-02-24 16:34 - 0000000 ____D () C:\Users\Gast\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-07-02 00:23

==================== Ende von FRST.txt ============================

Addition.txt
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-07-2017
durchgeführt von User (13-07-2017 12:51:12)
Gestartet von C:\Users\User\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-04-22 02:15:04)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3928150652-2756980015-3035233101-500 - Administrator - Disabled)
Gast (S-1-5-21-3928150652-2756980015-3035233101-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3928150652-2756980015-3035233101-1002 - Limited - Enabled)
User (S-1-5-21-3928150652-2756980015-3035233101-1000 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM\...\Steam App 261430) (Version: - NCSOFT)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.28.28 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
BitTorrent (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blameless (HKLM\...\Steam App 530330) (Version: - Vaclav Hudec)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Crush Crush (HKLM\...\Steam App 459820) (Version: - Sad Panda Studios)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Inkscape 0.92.1 (HKLM-x32\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\{C56877FD-6BEB-4717-81B3-1254FA1FD7FC}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7151.5001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 de)
(HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) osu! (HKLM-x32\...\{6dd88fd3-293e-4a6e-938e-8c97fadd3a42}) (Version: latest - ppy Pty Ltd) PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - ) PCKAVLang.de (HKLM\...\{B0864033-83D7-404D-A19E-D19BF584504D}) (Version: 1.0.0 - Essentware) Hidden Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) 
Hidden PowerLine Utility (HKLM-x32\...\{A0384ECE-2017-4EA8-86C7-513ACB936BDF}) (Version: 1.1.830 - TP-LINK) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Sakura Clicker (HKLM\...\Steam App 383080) (Version: - Winged Cloud) SENRAN KAGURA SHINOVI VERSUS (HKLM\...\Steam App 411830) (Version: - Tamsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) 
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WhatsApp (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\WhatsApp) (Version: 0.2.5093 - WhatsApp) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers01: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2010-09-27] (Atheros Commnucations) ContextMenuHandlers01: [PDFArchitect3_PDFManagerExt] -> {7519DD38-AA6F-4250-8E81-F1576DA1A05E} => -> Keine Datei ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-07-12] (Avira Operations GmbH & Co. 
KG) ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-03] (Alexander Roshal) ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Keine Datei ContextMenuHandlers03: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2010-09-27] (Atheros Commnucations) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-02] (Intel Corporation) ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-09-13] (NVIDIA Corporation) ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-07-12] (Avira Operations GmbH & Co. KG) ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-03] (Alexander Roshal) ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {08A2267C-B494-4901-9B22-97F429C6A96D} - System32\Tasks\{DA9E8166-91A1-4601-87CA-2FACC0525EE4} => pcalua.exe -a C:\Users\User\Downloads\Games\The_Train.exe -d C:\Users\User\Downloads\Games
Task: {0B7C38DC-8570-4DC5-9C5B-77591AAE5FEC} - System32\Tasks\{A4BD883D-5AAE-40CA-98C3-57CE1FF3FFA0} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\jre-8u121-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_31\bin" -c /installmethod=jau-m FAMILYUPGRADE=1 <==== ACHTUNG
Task: {203FBF50-1CB5-44BE-A153-E8106B61DEA1} - System32\Tasks\Opera scheduled Autoupdate 1446767196 => C:\Program Files (x86)\Opera\launcher.exe
Task: {21B1F005-8405-484C-A734-BAFA294ED322} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {2E57C7A1-3C07-47EA-AC22-08E163594D06} - System32\Tasks\Pingpes Backdooks D-Jur => Rundll32.exe "C:\Program Files\Pingpes Backdooks D-Jur\Pingpes Backdooks D-Jur.dll",TFzhjZUrCEV <==== ACHTUNG
Task: {4AA873DE-D6E9-4DFD-87BE-59DD93F52A70} - System32\Tasks\{F20316E4-BA12-4DA3-AC0B-FDA5F5567EEE} => pcalua.exe -a C:\Users\User\Downloads\Games\SWitchApril\instmsiw.exe -d C:\Users\User\Downloads\Games\SWitchApril
Task: {4F82B00E-2A19-4CF8-BA57-E158783E661D} - System32\Tasks\{275E6FCE-3CE4-40B5-9D54-E2744A0778E5} => C:\Users\User\Downloads\Hikari_Client_4.0\metin2client.exe
Task: {69166271-1DAD-4D13-848C-6D416880DF73} - System32\Tasks\{20664C7B-0B6F-4F27-806B-88D1FD59D941} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.0.105/de/abandoninstall?page=tsProgressBar
Task: {83D0C718-F7CE-4F3D-AA5E-BFA06ABB7FB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {973F7724-1CEE-462E-8011-1069926DF72F} - System32\Tasks\3e90bb1c6f886d4faf5a00d311015ade => sc start 3e90bb1c6f886d4faf5a00d311015ade <==== ACHTUNG
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 -> Keine Datei <==== ACHTUNG
Task: {A18A184B-93F4-4D76-BB82-C0F27A05AC96} - System32\Tasks\{580F1748-3FC3-4038-88A0-4EF3CAA68E93} => pcalua.exe -a "C:\Program Files (x86)\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\User\Downloads -c "C:\Users\User\Downloads\ClownfishVoiceChanger-v1.50.ts3_plugin"
Task: {CD5B7193-F213-4D95-B546-DED728E1D765} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {D1D0BE92-11F7-4EC1-BE31-8E1A1168199B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {E50265E5-6FAC-4F0F-891A-CC30BC3FB643} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {EE584CFC-8A13-472D-A4B4-1F97AB6D2A1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-07-09 20:29 - 2015-06-01 15:58 - 02483200 ____C () C:\Program Files\Pingpes Backdooks D-Jur\Pingpes Backdooks D-Jur.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 00369208 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 01148984 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 03613240 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 00289848 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-07-11 08:32 - 2017-07-13 03:30 - 00569856 _____ () C:\Windows\TEMP\gBA69.tmp.exe
2016-11-13 16:30 - 2016-06-15 03:14 - 02667576 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 01990200 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 01842232 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 00208952 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2013-11-28 03:11 - 2014-09-13 23:53 - 00116880 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 00035896 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-11-13 16:30 - 2016-06-15 03:14 - 00921656 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2015-09-15 16:17 - 2016-06-15 03:14 - 00020536 ____C () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-14 21:24 - 2017-07-09 21:46 - 67117168 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll
2017-04-14 21:24 - 2017-07-09 21:46 - 02253424 _____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll
2017-04-14 21:24 - 2017-07-09 21:46 - 00086640 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll
2017-07-09 11:26 - 2013-12-04 16:17 - 00349696 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\mss32.dll
2017-07-09 11:28 - 2011-11-10 14:25 - 01806336 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\SpeedTreeRT.dll
2017-07-09 11:26 - 2011-11-10 14:22 - 00125952 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssmp3.asi
2017-07-09 11:26 - 2011-11-10 14:22 - 00197120 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssvoice.asi
2017-07-09 11:26 - 2011-11-10 14:22 - 00083456 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssa3d.m3d
2017-07-09 11:26 - 2011-11-10 14:22 - 00070656 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssds3d.m3d
2017-07-09 11:26 - 2011-11-10 14:22 - 00080896 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssdx7.m3d
2017-07-09 11:26 - 2011-11-10 14:22 - 00103424 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\msseax.m3d
2017-07-09 11:26 - 2011-11-10 14:22 - 00354816 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssrsx.m3d
2017-07-09 11:26 - 2011-11-10 14:22 - 00067072 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\msssoft.m3d
2017-07-09 11:26 - 2011-11-10 14:22 - 00093696 _____ () C:\Users\User\Downloads\Games\Leya2 Client Offical 0.0.3.1\miles\mssdsp.flt

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\localhost -> localhost

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-07-11 10:54 - 00013794 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 v4618535.iavs9x.u.avast.com
127.0.0.1 v4618535.ivps9x.u.avast.com
127.0.0.1 v4618535.ivps9tiny.u.avast.com
127.0.0.1 v4618535.vpsnitro.u.avast.com
127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
127.0.0.1 v4618535.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
127.0.0.1 w9448963.iavs9x.u.avast.com

Da befinden sich 341 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CPP0D1OSM0ZS034 => "C:\Program Files (x86)\epjstlknuyy\MT9UO.exe"
MSCONFIG\startupreg: J04Y3GW8HW5PAVO => "C:\Program Files\KAH3FC0OVH\KAH3FC0OV.exe"
MSCONFIG\startupreg: jkpqeiuqbhj => "C:\Users\User\AppData\Roaming\njgitzjglko\4qrjsgb0rkz.exe"
MSCONFIG\startupreg: LV5IQW1LD5AI3VR => "C:\Program Files\9BZ4ZF8LP6\9BZ4ZF8LP.exe"
MSCONFIG\startupreg: MM9G1BE274JN28O => "C:\Program Files\5NR6OJUYK5\14SM4L2KC.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PB8D8MS9KGNAR84 => "C:\Program Files\3P8FHHK995\3P8FHHK99.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{397FADC0-BC47-45EA-9B18-057B27C11CB2}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{629C7B2D-F889-4D8A-BC12-E902ACF2E4BC}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{10ADB88F-8918-4C72-AD96-A7018DD1B9C5}C:\users\user\desktop\p server\sn2 - client 2014\shadownight2.exe] => (Allow) C:\users\user\desktop\p server\sn2 - client 2014\shadownight2.exe FirewallRules: [UDP Query User{045A8F0C-AE08-4D99-AE03-EF781E58577C}C:\users\user\desktop\p server\sn2 - client 2014\shadownight2.exe] => (Allow) C:\users\user\desktop\p server\sn2 - client 2014\shadownight2.exe FirewallRules: [{CE158DAA-FE9F-4454-B097-F37A7E9A5F67}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D184D1C6-E8CF-419B-94B7-4F77FA590B38}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{77D1D99A-9D35-4014-8C07-7653FB7A1C7A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{67F06601-AF42-4018-B13E-3C735DF703A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{0A8A9C76-3015-42DB-9278-7735CA63CD25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe FirewallRules: [{9A3D3D64-6E73-4FE0-8129-03DE029B6FA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe FirewallRules: [{D50FE2FF-213B-4C38-95D4-82F5CB14099C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe FirewallRules: [{A866579A-7AF0-46EA-B807-18C7E99A97B9}] => (Allow) C:\Program 
Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe FirewallRules: [{F41E4CDF-7572-45BF-A308-F3AB8EDD275E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C897B416-BFF4-48AF-A9A7-6F27EC2D09A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1830CE5D-61F4-4616-B936-6EBC2811656C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{5038EC6D-D3C7-4D49-AEE0-3A5A7A69AB85}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{F22569C7-85B0-49AB-8FDE-AEDCEBFF80B0}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{E79C7C1A-8254-430B-9DAA-AA160A0F6F4D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A96E6A40-50C3-4C35-A0A2-08FD29A239CD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D757E0AC-9B5D-45C5-9AD0-76167C633D6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{E6E0B646-959B-4951-969E-A77BEEEF5366}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F9C8190B-723A-45A0-A8C3-85FB5B8A0B82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{0603476D-176B-4A5E-930B-EF60A225B2A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{93AAEA2A-C6B5-44A5-B06B-E693AE3C27B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1179BF23-9A66-4630-9BB4-84A21170144B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{88DB784D-09E1-4171-8A71-4511AB41D554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura 
Clicker.exe FirewallRules: [{AC71D5BB-CB4B-414B-B853-D2662A362D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe FirewallRules: [{2DC911C6-148C-42D8-BB60-4895F47C2AD7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{9A9A7468-0EAC-4219-8D90-70F7AAF6A6DC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{A5592E85-E8D6-4CBF-9671-CB04DE98231D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Senran Kagura Shinovi Versus\SKShinoviVersus.exe FirewallRules: [{3708F35A-BE7E-4AD5-A68C-ADD760F934BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Senran Kagura Shinovi Versus\SKShinoviVersus.exe FirewallRules: [{6A2CC2D2-214D-449C-9F13-FFAA0BF9699D}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{BF72E7D6-705C-4730-B405-C111689FBF76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{772FE698-2AEF-42A1-997E-6B350F8D2F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{A325F3D9-AD5F-4C13-9DC7-1C081FF0FF54}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{257593C5-4E47-4464-90B2-DF5F3C4595AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{26DF0951-B1C9-4ED4-BCFF-D0E6292CC6F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe FirewallRules: [{D89EA19B-B48E-499E-A2FA-F919BCFADD0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe FirewallRules: [{9E2418B7-39D7-4CE9-A765-5A95E62D5243}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AION\NCLauncher.exe FirewallRules: [{BBD273E0-1D1B-4B58-9685-7D7D9746077D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AION\NCLauncher.exe FirewallRules: [{A15C9DA0-0500-4C52-BABE-E578735AD853}] => 
(Allow) C:\Program Files (x86)\Steam\steamapps\common\Blameless\Blameless.exe FirewallRules: [{EFB363AF-AB00-4408-A7D7-E2C00964E221}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blameless\Blameless.exe FirewallRules: [{9822671E-07AB-443A-88B1-08919A2F3975}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{536EB3D7-E4B9-459B-A10F-0DF762F6D734}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DBE118C4-4EE6-4ECF-AA01-1B393A244C0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EE0FEAF7-796F-4DEF-B2B1-60C33683798E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{B9766C3A-6577-45F4-A5FC-7A62EBD2C714}C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe] => (Allow) C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe FirewallRules: [UDP Query User{CB4777B7-55F7-4E22-AFE8-792050482A67}C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe] => (Allow) C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe FirewallRules: [{D251A2CA-53FF-4E2E-B172-197238A60853}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{2E8CEF29-7EB1-4597-913F-6A20DBFF181A}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B403A794-CAEF-47EE-B34C-2C6D51F7A087}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{911818B2-6C77-4B17-8618-EB6D3613D0BD}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{6E148613-E2E8-49FD-8100-96F406817D39}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{592D1E87-2F37-4E8E-8AA7-C2481EA0EA32}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{DA8CC629-AF1C-441D-952F-E5041A02A449}C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe] => (Allow) 
C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe FirewallRules: [UDP Query User{3D195B51-002D-4FA7-A352-82C26790B5A2}C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe] => (Allow) C:\users\user\downloads\games\yugolegacyothduelist\yugioh.exe FirewallRules: [TCP Query User{5B00037B-8CA5-4483-A9E8-D481851A5DF8}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{CC3FE499-11E8-4140-B96F-340A2E5FE505}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{80CACAE3-CFEC-49B0-9683-C7A9CAEAD13D}] => (Allow) C:\Users\User\AppData\Local\Temp\andy-x64\Setup.exe FirewallRules: [{26D201EC-6FCE-44A2-B116-79121D4B8BF4}] => (Allow) C:\Users\User\AppData\Local\Temp\andy-x64\Setup.exe FirewallRules: [{4336E22E-FB49-4511-9203-01176768A844}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{A37270E1-556F-4488-B7B3-0DC3C854DE53}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{7ED0D2A9-1797-4267-9AA8-CB6C7F9944AB}] => (Allow) C:\Program Files\Andy\AndyConsole.exe FirewallRules: [{D126AEF8-6745-4034-9F47-43782313E1A8}] => (Allow) C:\Program Files\Andy\AndyConsole.exe FirewallRules: [{5BC725BA-7F7E-409B-9F03-787C7E4A80B2}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{854EFA9C-A687-4515-B5BB-9F35E58BF099}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{5F198BCB-94A9-4268-85B6-74AF32679E3F}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe FirewallRules: [{6E14166D-D878-4B75-B5B1-F51092A942BF}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe FirewallRules: [{881AAD3D-EECF-4786-ACE8-97B1A1759E67}] => (Allow) C:\Users\User\AppData\Local\Temp\RemoveTemp.exe FirewallRules: [{5230101A-5093-4660-9A8D-33E16120F11A}] => (Allow) C:\Users\User\AppData\Local\Temp\RemoveTemp.exe FirewallRules: [{3326FBFD-102C-44DA-BBE0-6206864556EB}] => 
(Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{1D5C64BC-40A5-4A4A-9100-8F005B4126DC}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{1764B868-820A-4C47-8147-A095690C8AE8}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{5B822F7B-B47D-4887-B12D-05FC199987B7}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{DE3122D1-1B06-4DE8-B6C8-AA33E08AEB71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4735A146-B5E4-49B8-9715-1F7DC9089FAA}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{C31DFCFE-D85D-4D95-AE2C-09640A2AEF4C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{351D41DE-271F-4C1D-89C4-1A1C31B68A62}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4C29A878-8BA1-4B22-9C8B-203A00654E3C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1150E990-84BB-4108-9170-AB5AF7111837}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Wiederherstellungspunkte =========================

07-07-2017 03:50:04 Windows Update
09-07-2017 19:00:04 Windows-Sicherung
10-07-2017 16:14:19 Removed VMware Player
11-07-2017 09:13:20 Removed PCKeeper
11-07-2017 09:20:42 Removed PCKLang.de
11-07-2017 09:22:29 Removed AccountService
13-07-2017 03:00:23 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (07/13/2017 03:44:41 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files\ccleaner\CCleaner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (07/13/2017 03:31:58 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/13/2017 03:31:47 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/13/2017 03:30:50 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/12/2017 04:08:14 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files\ccleaner\CCleaner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (07/11/2017 08:45:19 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/11/2017 08:45:09 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/11/2017 08:45:08 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/11/2017 08:44:58 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/11/2017 09:31:53 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Systemfehler: ============= Error: (07/13/2017 03:31:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (07/13/2017 03:31:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/13/2017 03:31:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (07/13/2017 03:30:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "chip 1-click download service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (07/11/2017 08:45:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (07/11/2017 08:45:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (07/11/2017 08:45:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2017 08:44:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2017 08:44:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/11/2017 10:54:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "chip 1-click download service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. 
CodeIntegrity: =================================== Date: 2014-03-23 15:30:23.649 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-23 15:30:23.555 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: AMD FX(tm)-6300 Six-Core Processor Prozentuale Nutzung des RAM: 38% Installierter physikalischer RAM: 8175.3 MB Verfügbarer physikalischer RAM: 5040.32 MB Summe virtueller Speicher: 16348.79 MB Verfügbarer virtueller Speicher: 12508.39 MB ==================== Laufwerke ================================ Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:322.92 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0DA7C2E8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
13.07.2017, 12:14 | #4 |
| Mozilla is acting on its own
The text was longer than allowed, so here are the results from TDSSKiller.
Code:
ATTFilter 12:58:14.0285 0x17e4 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02 12:58:17.0827 0x17e4 ============================================================ 12:58:17.0827 0x17e4 Current date / time: 2017/07/13 12:58:17.0827 12:58:17.0827 0x17e4 SystemInfo: 12:58:17.0827 0x17e4 12:58:17.0827 0x17e4 OS Version: 6.1.7601 ServicePack: 1.0 12:58:17.0827 0x17e4 Product type: Workstation 12:58:17.0828 0x17e4 ComputerName: USER-PC 12:58:17.0828 0x17e4 UserName: User 12:58:17.0828 0x17e4 Windows directory: C:\Windows 12:58:17.0828 0x17e4 System windows directory: C:\Windows 12:58:17.0828 0x17e4 Running under WOW64 12:58:17.0828 0x17e4 Processor architecture: Intel x64 12:58:17.0828 0x17e4 Number of processors: 6 12:58:17.0828 0x17e4 Page size: 0x1000 12:58:17.0828 0x17e4 Boot type: Normal boot 12:58:17.0828 0x17e4 CodeIntegrityOptions = 0x00000001 12:58:17.0828 0x17e4 ============================================================ 12:58:20.0170 0x17e4 KLMD registered as C:\Windows\system32\drivers\76152678.sys 12:58:20.0171 0x17e4 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23807, osProperties = 0x1 12:58:20.0573 0x17e4 System UUID: {FE57EF47-BA9A-8745-7445-3F5720120C2F} 12:58:21.0560 0x17e4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:58:21.0579 0x17e4 ============================================================ 12:58:21.0579 0x17e4 \Device\Harddisk0\DR0: 12:58:21.0579 0x17e4 MBR partitions: 12:58:21.0579 0x17e4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:58:21.0580 0x17e4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x746D35B0 12:58:21.0580 0x17e4 ============================================================ 12:58:21.0597 0x17e4 C: <-> \Device\Harddisk0\DR0\Partition2 12:58:21.0598 0x17e4 
============================================================ 12:58:21.0598 0x17e4 Initialize success 12:58:21.0598 0x17e4 ============================================================ 12:59:04.0163 0x15c8 ============================================================ 12:59:04.0163 0x15c8 Scan started 12:59:04.0163 0x15c8 Mode: Manual; SigCheck; TDLFS; 12:59:04.0163 0x15c8 ============================================================ 12:59:04.0163 0x15c8 KSN ping started 12:59:04.0443 0x15c8 KSN ping finished: true 12:59:06.0485 0x15c8 ================ Scan system memory ======================== 12:59:06.0485 0x15c8 System memory - ok 12:59:06.0486 0x15c8 ================ Scan services ============================= 12:59:06.0642 0x15c8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 12:59:06.0768 0x15c8 1394ohci - ok 12:59:06.0826 0x15c8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 12:59:06.0865 0x15c8 ACPI - ok 12:59:06.0907 0x15c8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 12:59:06.0939 0x15c8 AcpiPmi - ok 12:59:07.0073 0x15c8 [ 0DC99843E91A0313F0C6591656D650A5, 583DCD5D3BA3F470FF9F39221358EF2DF01FE62B98562FCFD1AD99FA1C01892E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 12:59:07.0125 0x15c8 AdobeFlashPlayerUpdateSvc - ok 12:59:07.0199 0x15c8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:59:07.0250 0x15c8 adp94xx - ok 12:59:07.0286 0x15c8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:59:07.0330 0x15c8 
adpahci - ok 12:59:07.0358 0x15c8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 12:59:07.0391 0x15c8 adpu320 - ok 12:59:07.0440 0x15c8 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:59:07.0473 0x15c8 AeLookupSvc - ok 12:59:07.0558 0x15c8 [ 0DC2A9882540DEA4A55B08785E09D8FC, 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3 ] AFD C:\Windows\system32\drivers\afd.sys 12:59:07.0618 0x15c8 AFD - ok 12:59:07.0636 0x15c8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 12:59:07.0665 0x15c8 agp440 - ok 12:59:07.0690 0x15c8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 12:59:07.0727 0x15c8 ALG - ok 12:59:07.0765 0x15c8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 12:59:07.0789 0x15c8 aliide - ok 12:59:07.0848 0x15c8 [ 05120427227F6F088ECA75942ED7ACA9, BD25436EB43C6718F5E6A4C3C24831189D3A893DC87AA0ADED993B7C3126F2E9 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys 12:59:07.0878 0x15c8 amdhub30 - ok 12:59:07.0894 0x15c8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 12:59:07.0920 0x15c8 amdide - ok 12:59:07.0934 0x15c8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:59:07.0966 0x15c8 AmdK8 - ok 12:59:08.0503 0x15c8 [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 
12:59:09.0065 0x15c8 amdkmdag - ok 12:59:09.0140 0x15c8 [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 12:59:09.0191 0x15c8 amdkmdap - ok 12:59:09.0294 0x15c8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:59:09.0325 0x15c8 AmdPPM - ok 12:59:09.0393 0x15c8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:59:09.0424 0x15c8 amdsata - ok 12:59:09.0533 0x15c8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:59:09.0570 0x15c8 amdsbs - ok 12:59:09.0601 0x15c8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:59:09.0627 0x15c8 amdxata - ok 12:59:09.0692 0x15c8 [ 7DCA2C59491D420947A0B529DB37C7CF, 4673DD141F02801A61FF057BE9DA7FD214C1F9ED31BCB035A8C4E44C579799E4 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys 12:59:09.0725 0x15c8 amdxhc - ok 12:59:09.0892 0x15c8 [ A587017D8CAF0B67FCD4B589C1ABF22B, 5B8024C0BAB30C9F850D189A1D3B5B385177BD7EA54C5FE6FD8506686B2A886E ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe 12:59:09.0994 0x15c8 AntiVirMailService - ok 12:59:10.0095 0x15c8 [ 69681426797E0E78F4D9398BD789F1F8, 8B336406B009AF66D558998AE62466AAE24E84DC5D0E98EB2BE7AA38FABD1042 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 12:59:10.0148 0x15c8 AntiVirSchedulerService - ok 12:59:10.0216 0x15c8 [ 69681426797E0E78F4D9398BD789F1F8, 8B336406B009AF66D558998AE62466AAE24E84DC5D0E98EB2BE7AA38FABD1042 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 12:59:10.0267 0x15c8 AntiVirService - 
ok 12:59:10.0390 0x15c8 [ B2868F2E2057D4EA9E7EA061102D8921, 1FCB309421FC58E68E162282816ACB88A1E20C148A0B5C423FEC49123D033EA0 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 12:59:10.0509 0x15c8 AntiVirWebService - ok 12:59:10.0569 0x15c8 [ FD481DB6ACCAEE727E64043FB2E456F4, 2724A3D0B7F979AF5F485000F555495FA21A443159F29BC1B042C4800D7A368A ] AppID C:\Windows\system32\drivers\appid.sys 12:59:10.0602 0x15c8 AppID - ok 12:59:10.0619 0x15c8 [ 89263F9C4A1BC46D350BAD1DD24EE878, B9B0FCBCF53D6739329C93350DB0DB4A0FE8C347F7922ABFEA452CF6EF33DE91 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:59:10.0650 0x15c8 AppIDSvc - ok 12:59:10.0690 0x15c8 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo C:\Windows\System32\appinfo.dll 12:59:10.0722 0x15c8 Appinfo - ok 12:59:10.0784 0x15c8 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 12:59:10.0825 0x15c8 AppMgmt - ok 12:59:10.0855 0x15c8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 12:59:10.0884 0x15c8 arc - ok 12:59:10.0906 0x15c8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:59:10.0936 0x15c8 arcsas - ok 12:59:10.0979 0x15c8 [ 954950D11ADA98AC1B7EE3C770E4622C, D6D4700D7359AB84FB362305FBF2389B4EF51B4190EC2E0D4C7FEF80A06A0D0B ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 12:59:11.0023 0x15c8 asmthub3 - ok 12:59:11.0080 0x15c8 [ 01DBB05DB1DB95803E3C9F2B49AFE79C, 286310787F7EB7B237CB0082567BDA2F57D8F88C37015F6637FF6A6775CAA5AE ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 12:59:11.0129 0x15c8 asmtxhci - ok 12:59:11.0253 0x15c8 [ 92C120176C43C62AFE107B5D945CE6EC, E3BA1200BD04167589D7AF29F6550F3242DB321DDCD6890D645A2053CC78C7E6 ] aspnet_state 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 12:59:11.0298 0x15c8 aspnet_state - ok 12:59:11.0326 0x15c8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:59:11.0405 0x15c8 AsyncMac - ok 12:59:11.0443 0x15c8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 12:59:11.0468 0x15c8 atapi - ok 12:59:11.0509 0x15c8 [ AAAE03F8EDA817EC28C5445193EA8BF3, 5A2ECB66936B87651202CAA7786D58DE6BFD8217B059C88775EB4B07BA2ADB89 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 12:59:11.0533 0x15c8 AthBTPort - ok 12:59:11.0587 0x15c8 [ 4ECC791539F23982411864037D1AC8FC, 063CBA00E453B5FF3CDFDFB5FA2E6A190A0DC3D399EC36F646262BE76F98A60C ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys 12:59:11.0612 0x15c8 ATHDFU - ok 12:59:11.0642 0x15c8 [ FB3FF3DB34CB86F2B936B24D96F21F6F, 987686E9B9193F6A12FD0DEF4565B62AAB89C7E0771CAAED0CC6037BEAF827D6 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 12:59:11.0660 0x15c8 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 ) 12:59:12.0035 0x15c8 Detect skipped due to KSN trusted 12:59:12.0035 0x15c8 AtherosSvc - ok 12:59:12.0167 0x15c8 [ DACE94C8AB40EFCD819C023F51C60C2E, 6471A423ACA45F8FE35D7D00C20A53340B6905900613652B426E465655B595CB ] athr C:\Windows\system32\DRIVERS\athrx.sys 12:59:12.0319 0x15c8 athr - ok 12:59:12.0470 0x15c8 [ 36322190763845975E0D001E90687BF2, EA3DB2D112015CA5C744C5A84CDEFF6D02CE7D0E7E6E141AE3E527C2FAB5600E ] athur C:\Windows\system32\DRIVERS\athurx.sys 12:59:12.0598 0x15c8 athur - ok 12:59:12.0651 0x15c8 [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 12:59:12.0685 0x15c8 AtiHDAudioService - ok 12:59:13.0203 0x15c8 [ 60216B0E704584DE6D5A9F59E9C34C47, 
CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 12:59:13.0763 0x15c8 atikmdag - ok 12:59:13.0876 0x15c8 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:59:13.0945 0x15c8 AudioEndpointBuilder - ok 12:59:13.0987 0x15c8 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv C:\Windows\System32\Audiosrv.dll 12:59:14.0055 0x15c8 AudioSrv - ok 12:59:14.0119 0x15c8 [ 6C94D74033458BC2BDF11EED4E78F027, E52134268B2CED17801EE1D7ABA713CECE4CD960AF24749B74CD84B707CB344B ] avdevprot C:\Windows\system32\DRIVERS\avdevprot.sys 12:59:14.0149 0x15c8 avdevprot - ok 12:59:14.0244 0x15c8 [ 801250C350F2905E67AB007F8BE9066B, 03A43B88A166711C8C160EBE7F53E8FA7D9D16E258622CF09B0C51B9DF14E5D1 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 12:59:14.0280 0x15c8 avgntflt - ok 12:59:14.0365 0x15c8 [ 19F7A17EEA887F11D18055645F8D3F74, 4FF6118D02D6149B38778E86351EFDB88E52E0A66152C7ECC8D523C1EE445DA4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 12:59:14.0398 0x15c8 avipbb - ok 12:59:14.0661 0x15c8 [ 899C706D9C5A829BEA290CD02A95B07C, 40121149932C76E2377386D4C286E1C0CE5AE382515C8DE391B68A0E77478B28 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 12:59:14.0721 0x15c8 Avira.ServiceHost - ok 12:59:14.0748 0x15c8 [ 3E0AB8C453FA433B15A30BAA8BD4B275, 30453E68013DF1A3CD9197F28E8591A67BFA6CA784129666A6F7DF9D2E12440B ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 12:59:14.0776 0x15c8 avkmgr - ok 12:59:14.0839 0x15c8 [ 19B6F9073BD606B7ABEC03A0328FDC1B, 639E6A05BB0E52CDBDF887A3FA209B32F84253D274F2A9A89E1D96F1BE4C8143 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 12:59:14.0868 0x15c8 avnetflt - ok 12:59:14.0923 0x15c8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV 
C:\Windows\System32\AxInstSV.dll 12:59:14.0968 0x15c8 AxInstSV - ok 12:59:15.0028 0x15c8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 12:59:15.0081 0x15c8 b06bdrv - ok 12:59:15.0140 0x15c8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 12:59:15.0182 0x15c8 b57nd60a - ok 12:59:15.0230 0x15c8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 12:59:15.0264 0x15c8 BDESVC - ok 12:59:15.0274 0x15c8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 12:59:15.0352 0x15c8 Beep - ok 12:59:15.0443 0x15c8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 12:59:15.0511 0x15c8 BFE - ok 12:59:15.0571 0x15c8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 12:59:15.0692 0x15c8 BITS - ok 12:59:15.0714 0x15c8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:59:15.0745 0x15c8 blbdrive - ok 12:59:15.0787 0x15c8 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:59:15.0825 0x15c8 bowser - ok 12:59:15.0845 0x15c8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:59:15.0880 0x15c8 BrFiltLo - ok 12:59:15.0894 0x15c8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] 
BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:59:15.0927 0x15c8 BrFiltUp - ok 12:59:15.0973 0x15c8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 12:59:16.0010 0x15c8 Browser - ok 12:59:16.0032 0x15c8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:59:16.0073 0x15c8 Brserid - ok 12:59:16.0094 0x15c8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:59:16.0128 0x15c8 BrSerWdm - ok 12:59:16.0147 0x15c8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:59:16.0182 0x15c8 BrUsbMdm - ok 12:59:16.0201 0x15c8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:59:16.0229 0x15c8 BrUsbSer - ok 12:59:16.0284 0x15c8 [ 3B1B573371B206D1D5F25E0EF5FCD6D6, 9CE8E687F7554FF4AD989015806D3A03A801647C88ECADF08F7404E49517680C ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 12:59:16.0322 0x15c8 BTATH_A2DP - ok 12:59:16.0349 0x15c8 [ 2D0446336D9DB55A742B999EC16ADF15, FBF57CBDCFE4146176ABBD7ACF04240048403143DD380E10AE63B10BA5D4F311 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 12:59:16.0368 0x15c8 BTATH_BUS - ok 12:59:16.0385 0x15c8 [ 9A9694BBEB2849EAF95DFFCAE5DF02AD, 6534E599DDDF04A42E25581BB1CF4507B5F2E332FC74961C7F2CB8F672683C39 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys 12:59:16.0415 0x15c8 BTATH_HCRP - ok 12:59:16.0438 0x15c8 [ FC0A8075DDF2E9C66267AEC91E0676F9, BAEBBA87DE72E996C9466FF15D9FD01DBD5D1A1097FC0FFB4819550830DEBCBC ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 12:59:16.0462 0x15c8 BTATH_LWFLT - ok 12:59:16.0478 0x15c8 [ 
5EB4815CBDDBA4541F2380DAE6E269AB, DBBB0B1E5946BE5CA0C28F4175DE10613A3E5A89DCE0D6B9EDDF756B08CD274B ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys 12:59:16.0503 0x15c8 BTATH_RCP - ok 12:59:16.0571 0x15c8 [ E24FBEFF8FD3BD997AA5E9BD68BD7C74, FF74067340B2CC9CFFA01B9E3BE410FD8D81D49A59544A93EF52D87220E37202 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 12:59:16.0605 0x15c8 BtFilter - ok 12:59:16.0649 0x15c8 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 12:59:16.0682 0x15c8 BthEnum - ok 12:59:16.0700 0x15c8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:59:16.0738 0x15c8 BTHMODEM - ok 12:59:16.0783 0x15c8 [ 5A8951D195AFEF979C4AB02A129EBC37, 48FD4A921E51B6DD306A1248EB9A1A6AEC5F59E49528423BF2F40600B3AF1D08 ] BthPan C:\Windows\system32\drivers\bthpan.sys 12:59:16.0819 0x15c8 BthPan - ok 12:59:16.0870 0x15c8 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 12:59:16.0928 0x15c8 BTHPORT - ok 12:59:16.0976 0x15c8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 12:59:17.0052 0x15c8 bthserv - ok 12:59:17.0070 0x15c8 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 12:59:17.0102 0x15c8 BTHUSB - ok 12:59:17.0122 0x15c8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:59:17.0198 0x15c8 cdfs - ok 12:59:17.0245 0x15c8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 
12:59:17.0282 0x15c8 cdrom - ok 12:59:17.0333 0x15c8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 12:59:17.0412 0x15c8 CertPropSvc - ok 12:59:17.0445 0x15c8 chip1click - ok 12:59:17.0487 0x15c8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:59:17.0522 0x15c8 circlass - ok 12:59:17.0579 0x15c8 [ E465632DC8D34C3FA7CAB4F4B4A407C1, 3180089514024C5640568117F139BDACC7CABE1C6D11B8A427FBE21F77AE6C7B ] CLFS C:\Windows\system32\CLFS.sys 12:59:17.0626 0x15c8 CLFS - ok 12:59:17.0684 0x15c8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:59:17.0716 0x15c8 clr_optimization_v2.0.50727_32 - ok 12:59:17.0742 0x15c8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:59:17.0772 0x15c8 clr_optimization_v2.0.50727_64 - ok 12:59:17.0867 0x15c8 [ 1A3D6CABDC37B34D85059185272DBB2F, C7FAB62EC4D9947ADAD0E065D4CDAF8D6EA2AF9FD0C3A1F1A676276825808FD8 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:59:17.0902 0x15c8 clr_optimization_v4.0.30319_32 - ok 12:59:17.0953 0x15c8 [ 59B44C95D56A9BB269B1D4A3F25468C2, 462799657FA493866A14F0D36D5D92C95E8886E6AC5F199D069E6938425A9218 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:59:17.0999 0x15c8 clr_optimization_v4.0.30319_64 - ok 12:59:18.0025 0x15c8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:59:18.0054 0x15c8 CmBatt - ok 12:59:18.0091 0x15c8 [ 
5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 12:59:35.0661 0x15c8 ProfSvc - ok 12:59:35.0671 0x15c8 [ 79B5DEC7098CF4A66CAB4DBE8E6485F0, B9156B9D5C827D5DD0A9D516E8F73F45F270B1106401803C9DCC5F56A684F3D5 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:59:35.0682 0x15c8 ProtectedStorage - ok 12:59:35.0726 0x15c8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:59:35.0757 0x15c8 Psched - ok 12:59:35.0809 0x15c8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:59:35.0855 0x15c8 ql2300 - ok 12:59:35.0876 0x15c8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:59:35.0889 0x15c8 ql40xx - ok 12:59:35.0911 0x15c8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 12:59:35.0934 0x15c8 QWAVE - ok 12:59:35.0940 0x15c8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:59:35.0957 0x15c8 QWAVEdrv - ok 12:59:35.0967 0x15c8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:59:35.0997 0x15c8 RasAcd - ok 12:59:36.0044 0x15c8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:59:36.0075 0x15c8 RasAgileVpn - ok 12:59:36.0092 0x15c8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 12:59:36.0127 0x15c8 RasAuto - ok 12:59:36.0162 
0x15c8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:59:36.0194 0x15c8 Rasl2tp - ok 12:59:36.0242 0x15c8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 12:59:36.0282 0x15c8 RasMan - ok 12:59:36.0298 0x15c8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:59:36.0332 0x15c8 RasPppoe - ok 12:59:36.0372 0x15c8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:59:36.0403 0x15c8 RasSstp - ok 12:59:36.0441 0x15c8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:59:36.0478 0x15c8 rdbss - ok 12:59:36.0491 0x15c8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:59:36.0505 0x15c8 rdpbus - ok 12:59:36.0544 0x15c8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:59:36.0576 0x15c8 RDPCDD - ok 12:59:36.0616 0x15c8 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 12:59:36.0630 0x15c8 RDPDR - ok 12:59:36.0634 0x15c8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:59:36.0662 0x15c8 RDPENCDD - ok 12:59:36.0667 0x15c8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 
12:59:36.0699 0x15c8 RDPREFMP - ok 12:59:36.0742 0x15c8 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:59:36.0758 0x15c8 RDPWD - ok 12:59:36.0800 0x15c8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:59:36.0816 0x15c8 rdyboost - ok 12:59:36.0839 0x15c8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:59:36.0874 0x15c8 RemoteAccess - ok 12:59:36.0881 0x15c8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:59:36.0917 0x15c8 RemoteRegistry - ok 12:59:36.0955 0x15c8 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 12:59:36.0973 0x15c8 RFCOMM - ok 12:59:37.0003 0x15c8 [ B60F58F175DE20A6739194E85B035178, 6E66D6041AF0B69896E4556F9FF3A3AA70CF4B09FFBE68E14E60313C5E3FFDDB ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 12:59:37.0013 0x15c8 rpcapd - ok 12:59:37.0030 0x15c8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:59:37.0063 0x15c8 RpcEptMapper - ok 12:59:37.0076 0x15c8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 12:59:37.0089 0x15c8 RpcLocator - ok 12:59:37.0139 0x15c8 [ 5E9F8D029D9B03110D835CBFC058068B, 038FDF99C643C8102026BA26A75899A56E91AD0C239DF71AA5443FD35C718C78 ] RpcSs C:\Windows\system32\rpcss.dll 12:59:37.0165 0x15c8 RpcSs - ok 12:59:37.0176 0x15c8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] 
rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:59:37.0209 0x15c8 rspndr - ok 12:59:37.0272 0x15c8 [ B358C047E081AC70035017BD1D7ED818, D52455156F2913C5A88B18EC76C4C10B3589FE95F9735DD687A0307FA00FF500 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 12:59:37.0299 0x15c8 RTL8167 - ok 12:59:37.0358 0x15c8 [ 0FE1DB20DA9863CD5B397717FF07738B, 3BCA3269A6ECA501508F2BAC56DB9C0B2DAD3DDA853C5FB168E4C628A94E1C83 ] rusb3xhc C:\Windows\system32\DRIVERS\rusb3xhc.sys 12:59:37.0372 0x15c8 rusb3xhc - ok 12:59:37.0400 0x15c8 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 12:59:37.0412 0x15c8 s3cap - ok 12:59:37.0428 0x15c8 [ 79B5DEC7098CF4A66CAB4DBE8E6485F0, B9156B9D5C827D5DD0A9D516E8F73F45F270B1106401803C9DCC5F56A684F3D5 ] SamSs C:\Windows\system32\lsass.exe 12:59:37.0440 0x15c8 SamSs - ok 12:59:37.0458 0x15c8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:59:37.0470 0x15c8 sbp2port - ok 12:59:37.0487 0x15c8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:59:37.0524 0x15c8 SCardSvr - ok 12:59:37.0559 0x15c8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:59:37.0590 0x15c8 scfilter - ok 12:59:37.0646 0x15c8 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 12:59:37.0681 0x15c8 Schedule - ok 12:59:37.0719 0x15c8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:59:37.0751 0x15c8 SCPolicySvc - ok 12:59:37.0792 0x15c8 [ 6EA4234DC55346E0709560FE7C2C1972, 
64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:59:37.0808 0x15c8 SDRSVC - ok 12:59:37.0840 0x15c8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:59:37.0852 0x15c8 secdrv - ok 12:59:37.0887 0x15c8 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll 12:59:37.0901 0x15c8 seclogon - ok 12:59:37.0914 0x15c8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 12:59:37.0948 0x15c8 SENS - ok 12:59:37.0957 0x15c8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:59:37.0971 0x15c8 SensrSvc - ok 12:59:37.0981 0x15c8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:59:37.0994 0x15c8 Serenum - ok 12:59:38.0007 0x15c8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:59:38.0021 0x15c8 Serial - ok 12:59:38.0055 0x15c8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:59:38.0068 0x15c8 sermouse - ok 12:59:38.0108 0x15c8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 12:59:38.0143 0x15c8 SessionEnv - ok 12:59:38.0157 0x15c8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:59:38.0171 0x15c8 sffdisk - ok 12:59:38.0184 0x15c8 [ 
FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:59:38.0198 0x15c8 sffp_mmc - ok 12:59:38.0207 0x15c8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:59:38.0221 0x15c8 sffp_sd - ok 12:59:38.0230 0x15c8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:59:38.0243 0x15c8 sfloppy - ok 12:59:38.0317 0x15c8 [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 12:59:38.0343 0x15c8 Sftfs - ok 12:59:38.0438 0x15c8 [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 12:59:38.0459 0x15c8 sftlist - ok 12:59:38.0496 0x15c8 [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 12:59:38.0511 0x15c8 Sftplay - ok 12:59:38.0567 0x15c8 [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 12:59:38.0577 0x15c8 Sftredir - ok 12:59:38.0587 0x15c8 [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 12:59:38.0597 0x15c8 Sftvol - ok 12:59:38.0609 0x15c8 [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 12:59:38.0622 0x15c8 sftvsa - ok 12:59:38.0651 0x15c8 [ B95F6501A2F8B2E78C697FEC401970CE, 
758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:59:38.0686 0x15c8 SharedAccess - ok 12:59:38.0729 0x15c8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:59:38.0780 0x15c8 ShellHWDetection - ok 12:59:38.0793 0x15c8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:59:38.0804 0x15c8 SiSRaid2 - ok 12:59:38.0817 0x15c8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:59:38.0829 0x15c8 SiSRaid4 - ok 12:59:38.0930 0x15c8 [ E6DA1192D36D2D29FF8387917C2D70A6, 6F6AB7A2E45D7E05F5ED0B08B1ED9FFA03BDBFAF5E80F8B9E2C4D6CF6F74B851 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 12:59:38.0958 0x15c8 SkypeUpdate - ok 12:59:38.0985 0x15c8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:59:39.0017 0x15c8 Smb - ok 12:59:39.0072 0x15c8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:59:39.0086 0x15c8 SNMPTRAP - ok 12:59:39.0095 0x15c8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 12:59:39.0106 0x15c8 spldr - ok 12:59:39.0153 0x15c8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 12:59:39.0179 0x15c8 Spooler - ok 12:59:39.0472 0x15c8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 12:59:39.0585 0x15c8 sppsvc - ok 
12:59:39.0609 0x15c8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:59:39.0643 0x15c8 sppuinotify - ok 12:59:39.0690 0x15c8 [ 546C81F238F084A393EC54114741A0A8, AA223A2A8E8503CBDB0CE6A70620B372E0591070F9FF7D8532A93B54EF7B7E51 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:59:39.0713 0x15c8 srv - ok 12:59:39.0762 0x15c8 [ 431D2B06E8F93EAEC53E8FA37FCFF2F1, 4CB94D250E9D2646FCE7284D4D3CED1BB02E4D79AD33A414D16EF794195868CA ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:59:39.0785 0x15c8 srv2 - ok 12:59:39.0815 0x15c8 [ 42EDAB3E3E8E25C7093674936C2DB4BD, B2D5E006B748F24F0FF2CEFFC3D056F3D50E8A818BDFF4231C87C022A25F44ED ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:59:39.0831 0x15c8 srvnet - ok 12:59:39.0842 0x15c8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:59:39.0875 0x15c8 SSDPSRV - ok 12:59:39.0888 0x15c8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:59:39.0922 0x15c8 SstpSvc - ok 12:59:39.0970 0x15c8 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 12:59:39.0986 0x15c8 ssudmdm - ok 12:59:40.0136 0x15c8 [ AC5DE2689B571942E08128D0EC771495, 46A0932F0AC4911B6778D7C09DFB640A9225092CDC028BF74E8FD6374A1E8035 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 12:59:40.0183 0x15c8 Steam Client Service - ok 12:59:40.0237 0x15c8 [ AD5CE4DBBBAFB82B728BA0548876C5B6, 09022AE357FFBD9F3DF7807BF57704AA8E71767E043E92DA06DB5FE828B3F26F ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:59:40.0256 0x15c8 Stereo Service - ok 12:59:40.0275 0x15c8 [ F3817967ED533D08327DC73BC4D5542A, 
1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:59:40.0285 0x15c8 stexstor - ok 12:59:40.0342 0x15c8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 12:59:40.0373 0x15c8 stisvc - ok 12:59:40.0406 0x15c8 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 12:59:40.0416 0x15c8 storflt - ok 12:59:40.0434 0x15c8 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 12:59:40.0447 0x15c8 StorSvc - ok 12:59:40.0460 0x15c8 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 12:59:40.0471 0x15c8 storvsc - ok 12:59:40.0486 0x15c8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 12:59:40.0496 0x15c8 swenum - ok 12:59:40.0526 0x15c8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 12:59:40.0565 0x15c8 swprv - ok 12:59:40.0644 0x15c8 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll 12:59:40.0698 0x15c8 SysMain - ok 12:59:40.0712 0x15c8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:59:40.0729 0x15c8 TabletInputService - ok 12:59:40.0744 0x15c8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 12:59:40.0780 0x15c8 TapiSrv - ok 12:59:40.0865 0x15c8 [ 
7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:59:40.0917 0x15c8 Tcpip - ok 12:59:40.0998 0x15c8 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:59:41.0121 0x15c8 TCPIP6 - ok 12:59:41.0176 0x15c8 [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:59:41.0204 0x15c8 tcpipreg - ok 12:59:41.0226 0x15c8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:59:41.0254 0x15c8 TDPIPE - ok 12:59:41.0288 0x15c8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:59:41.0316 0x15c8 TDTCP - ok 12:59:41.0362 0x15c8 [ 028D61D9803FBEFB7426696A7840BB48, 344448F41EB93AF01FF624665C0D582C0ABB19AFDA1DA18EE5141E26407F58BE ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:59:41.0402 0x15c8 tdx - ok 12:59:42.0154 0x15c8 [ 44449A0EB8EBD8DCBC3ED4BB62BA3A5F, 168197015D1E5ED71775250084C224A1100E0F989A6D1CC4102004E5AAD74F3A ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 12:59:42.0768 0x15c8 TeamViewer - ok 12:59:42.0858 0x15c8 [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys 12:59:42.0881 0x15c8 teamviewervpn - ok 12:59:42.0933 0x15c8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 12:59:42.0961 0x15c8 TermDD - ok 12:59:43.0038 0x15c8 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService 
C:\Windows\System32\termsrv.dll 12:59:43.0102 0x15c8 TermService - ok 12:59:43.0130 0x15c8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 12:59:43.0175 0x15c8 Themes - ok 12:59:43.0203 0x15c8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 12:59:43.0279 0x15c8 THREADORDER - ok 12:59:43.0310 0x15c8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 12:59:43.0387 0x15c8 TrkWks - ok 12:59:43.0460 0x15c8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:59:43.0537 0x15c8 TrustedInstaller - ok 12:59:43.0564 0x15c8 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:59:43.0593 0x15c8 tssecsrv - ok 12:59:43.0657 0x15c8 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:59:43.0686 0x15c8 TsUsbFlt - ok 12:59:43.0732 0x15c8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:59:43.0812 0x15c8 tunnel - ok 12:59:43.0844 0x15c8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:59:43.0872 0x15c8 uagp35 - ok 12:59:43.0924 0x15c8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:59:44.0008 0x15c8 udfs - ok 12:59:44.0037 0x15c8 [ 3CBDEC8D06B9968ABA702EBA076364A1, 
B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:59:44.0074 0x15c8 UI0Detect - ok 12:59:44.0116 0x15c8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:59:44.0142 0x15c8 uliagpkx - ok 12:59:44.0179 0x15c8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys 12:59:44.0211 0x15c8 umbus - ok 12:59:44.0225 0x15c8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:59:44.0256 0x15c8 UmPass - ok 12:59:44.0322 0x15c8 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 12:59:44.0360 0x15c8 UmRdpService - ok 12:59:44.0467 0x15c8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 12:59:44.0574 0x15c8 upnphost - ok 12:59:44.0619 0x15c8 [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:59:44.0651 0x15c8 usbccgp - ok 12:59:44.0696 0x15c8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:59:44.0730 0x15c8 usbcir - ok 12:59:44.0753 0x15c8 [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci C:\Windows\system32\drivers\usbehci.sys 12:59:44.0784 0x15c8 usbehci - ok 12:59:44.0858 0x15c8 [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 12:59:44.0883 0x15c8 usbfilter - ok 
12:59:44.0919 0x15c8 [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:59:44.0961 0x15c8 usbhub - ok 12:59:44.0975 0x15c8 [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:59:45.0005 0x15c8 usbohci - ok 12:59:45.0026 0x15c8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:59:45.0062 0x15c8 usbprint - ok 12:59:45.0117 0x15c8 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:59:45.0145 0x15c8 USBSTOR - ok 12:59:45.0165 0x15c8 [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:59:45.0192 0x15c8 usbuhci - ok 12:59:45.0206 0x15c8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 12:59:45.0280 0x15c8 UxSms - ok 12:59:45.0296 0x15c8 [ 79B5DEC7098CF4A66CAB4DBE8E6485F0, B9156B9D5C827D5DD0A9D516E8F73F45F270B1106401803C9DCC5F56A684F3D5 ] VaultSvc C:\Windows\system32\lsass.exe 12:59:45.0323 0x15c8 VaultSvc - ok 12:59:45.0333 0x15c8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:59:45.0356 0x15c8 vdrvroot - ok 12:59:45.0430 0x15c8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 12:59:45.0532 0x15c8 vds - ok 12:59:45.0555 0x15c8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:59:45.0591 
0x15c8 vga - ok 12:59:45.0604 0x15c8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 12:59:45.0684 0x15c8 VgaSave - ok 12:59:45.0730 0x15c8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:59:45.0763 0x15c8 vhdmp - ok 12:59:45.0804 0x15c8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 12:59:45.0829 0x15c8 viaide - ok 12:59:45.0856 0x15c8 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 12:59:45.0892 0x15c8 vmbus - ok 12:59:45.0906 0x15c8 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 12:59:45.0935 0x15c8 VMBusHID - ok 12:59:45.0975 0x15c8 VMnetAdapter - ok 12:59:46.0002 0x15c8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:59:46.0031 0x15c8 volmgr - ok 12:59:46.0088 0x15c8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:59:46.0129 0x15c8 volmgrx - ok 12:59:46.0162 0x15c8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:59:46.0198 0x15c8 volsnap - ok 12:59:46.0222 0x15c8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:59:46.0252 0x15c8 vsmraid - ok 12:59:46.0376 0x15c8 [ B60BA0BC31B0CB414593E169F6F21CC2, 
12:59:53.0614 0x15c8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\WindowsSecurityCenter.exe ( 15.0.28.21 ), 0x41000 ( enabled : updated )
12:59:53.0622 0x15c8 Win FW state via NFP2: enabled ( trusted )
12:59:53.0861 0x15c8 ============================================================
12:59:53.0861 0x15c8 Scan finished
12:59:53.0861 0x15c8 ============================================================
12:59:53.0878 0x1160 Detected object count: 0
12:59:53.0878 0x1160 Actual detected object count: 0 |
13.07.2017, 15:14 | #5 |
/// TB trainer | Mozilla acts on its own
Hello,
Step 0 So that Avira does not interfere with the cleanup, we first have to make a change: Please open the Avira configuration/settings. Now click "Allgemeines" (General) -> "Sicherheit" (Security). There, remove the check mark in front of "Windows Hosts Datei vor Änderungen schützen" (Protect Windows hosts file from changes). Now apply the changes and close the window.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware 3 (illustrated guide)
Step 3
With your next reply, please post
|
14.07.2017, 14:08 | #6 |
| Mozilla acts on its own Unfortunately I have a small problem: I cannot start "adwcleaner". As soon as I try to run the program, I get an error message. The program is being blocked for security reasons, apparently by an admin. I use my PC alone and my family does not deal with this kind of thing. I would ask you to help me unblock the program so that I can run it. |
14.07.2017, 19:34 | #7 |
/// TB trainer | Mozilla acts on its own Then please post a screenshot of the error message. Had you also disabled Avira's real-time protection beforehand? |
14.07.2017, 20:44 | #8 |
| Mozilla acts on its own Sorry about the poor quality, I could not take a screenshot. The error message only appeared today. I suspect that the real-time scanner was accidentally re-enabled when the computer was restarted, or that someone enabled it, since Windows shows a notification that the computer is not protected / not secure as long as it is disabled. |
14.07.2017, 22:43 | #9 | |
/// TB trainer | Mozilla acts on its own Hello, click Start and type CMD into the search bar. Right-click cmd.exe and choose "Als Administrator ausführen" (Run as administrator). The command line opens (black input window). Enter the following command there: Quote:
That should allow AdwCleaner to start/run. |
15.07.2017, 10:41 | #10 | ||
| Mozilla acts on its own So, running adwcleaner via CMD worked wonderfully. The computer then restarted as described and I have a report of the cleanup. However, the firewall and Avira's real-time protection re-enabled themselves automatically; of course I disabled both again. I thought it might be important for you to know that. In step 2 I was supposed to install the software Malwarebytes Anti-Malware 3. I downloaded the installation wizard but cannot run it. I get the same error message as with adwcleaner, only a different path is shown accordingly, since it is saved in the Download folder. Quote:
I had considered running the installer with CMD as well and entered the following command. Quote:
Unfortunately this did not help; when I confirm, I get a similar security message. Only the path is slightly different. |
15.07.2017, 11:15 | #11 |
/// TB trainer | Mozilla acts on its own Hello, please post the AdwCleaner log file as described. You can do the MBAM part via CMD again. Just make sure that you start cmd.exe with right-click > "Als Administrator ausführen" (Run as administrator). In addition, you have to enter the full path on the command line. That is what you did not do with MBAM. After MBAM, please also run the following with FRST:
And don't forget: post all log files! Last edited by M-K-D-B (15.07.2017 at 12:45) |
16.07.2017, 13:53 | #12 |
| Mozilla acts on its own In order: the text files from AdwCleaner, MBAM, FRST, Addition. AdwCleaner Logfile: Code:
# AdwCleaner v6.047 - Bericht erstellt am 15/07/2017 um 03:06:17
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-07-13.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Desktop\adwcleaner_6.047.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\tschmna
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\tschmna
***** [ Browser ] *****

*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
:: Hosts-Datei wiederhergestellt
*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10488 Bytes] - [11/07/2017 10:52:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [1312 Bytes] - [15/07/2017 03:06:17]
C:\AdwCleaner\AdwCleaner[R0].txt - [3222 Bytes] - [15/01/2015 01:34:28]
C:\AdwCleaner\AdwCleaner[R1].txt - [3282 Bytes] - [15/01/2015 01:39:29]
C:\AdwCleaner\AdwCleaner[R2].txt - [1023 Bytes] - [15/01/2015 01:42:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [3328 Bytes] - [15/01/2015 01:40:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [9471 Bytes] - [11/07/2017 10:48:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [9543 Bytes] - [11/07/2017 10:51:38]
C:\AdwCleaner\AdwCleaner[S3].txt - [1909 Bytes] - [15/07/2017 02:59:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1896 Bytes] ##########

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 16.07.17
Scan-Zeit: 11:36
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2374
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User-PC\User

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 361772
Erkannte Bedrohungen: 26
In die Quarantäne verschobene Bedrohungen: 26
Abgelaufene Zeit: 6 Min., 55 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, In Quarantäne, [886], [241577],1.0.2374
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, In Quarantäne, [886], [241577],1.0.2374

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 5
PUP.Optional.DesktopTool, C:\USERS\PUBLIC\DOCUMENTS\BAIDU\COMMON\I18N\IPCSUPDATECACHE\DesktopToolMini_global__4_, In Quarantäne, [13106], [182058],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\js, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG, In Quarantäne, [2360], [389742],1.0.2374

Datei: 19
PUP.Optional.DesktopTool, C:\Users\Public\Documents\Baidu\Common\I18N\IPCSUpdateCache\DesktopToolMini_global__4_\1129610496563be9b9, In Quarantäne, [13106], [182058],1.0.2374
Trojan.Wdfload.Generic, C:\PROGRAM FILES\PINGPES BACKDOOKS D-JUR\PINGPES BACKDOOKS D-JUR.VIR, In Quarantäne, [5492], [408840],1.0.2374
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\BESTCLEANERW\UNINSTALLER.EXE, In Quarantäne, [761], [414786],1.0.2374
PUP.Optional.DownloadSponsor, C:\USERS\USER\DOWNLOADS\VERACRYPT - CHIP-INSTALLER.EXE, In Quarantäne, [543], [413936],1.0.2374
PUP.Optional.DownloadSponsor, C:\USERS\USER\DOWNLOADS\ODIN3 - CHIP-INSTALLER.EXE, In Quarantäne, [543], [413936],1.0.2374
PUP.Optional.PCKeeper, C:\USERS\USER\DOWNLOADS\PCKEEPER INSTALLER.EXE, In Quarantäne, [886], [352238],1.0.2374
PUP.Optional.DownloadSponsor, C:\USERS\USER\DOWNLOADS\WHATSAPP1455SETUP - CHIP-INSTALLER.EXE, In Quarantäne, [543], [413936],1.0.2374
PUP.Optional.MindSpark, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage, In Quarantäne, [284], [240306],1.0.2374
PUP.Optional.MindSpark, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [284], [240306],1.0.2374
PUP.Optional.BrowserModule, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BN3A1S9L.DEFAULT-1491028146869\CHROME\USERCONTENT.CSS, In Quarantäne, [2360], [389741],1.0.2374
PUP.Optional.MindSpark, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage, In Quarantäne, [284], [240305],1.0.2374
PUP.Optional.MindSpark, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage-journal, In Quarantäne, [284], [240305],1.0.2374
PUP.Optional.BrowserModule, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG\78.0_0\MANIFEST.JSON, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon128.png, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon16.png, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon24.png, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon32.png, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\js\background.js, In Quarantäne, [2360], [389742],1.0.2374
PUP.Optional.BrowserModule, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\index.html, In Quarantäne, [2360], [389742],1.0.2374

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)

FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
durchgeführt von User (Administrator) auf USER-PC (16-07-2017 14:48:34)
Gestartet von C:\Users\User\Downloads
Geladene Profile: User (Verfügbare Profile: User & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\DAODx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{6C4BD96B-A427-4D85-884C-39D2AB9856B3}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D3BE78AE-491A-4EB0-9B35-2AA566EFA4D5}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{DC4E859E-275F-455F-B61D-4ECFB9081F0F}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131445544423173748&GUID=AF74E006-E462-9E9B-F1B1-6ED446CD6A78
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-16] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-16] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869 [2017-07-16]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\user.js [2017-06-29]
FF Homepage: Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869 -> hxxps://www.google.de/
FF Session Restore: Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869 -> ist aktiviert.
FF Extension: (MEGA) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\firefox@mega.co.nz.xpi [2017-07-12]
FF Extension: (PAYBACK Internet Assistent) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\toolbar-ff@payback.de-sh.xpi [2017-07-07]
FF Extension: (Save Button for Pinterest) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2017-06-19]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bn3a1s9l.default-1491028146869\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-15]
CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-07]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-07]
CHR Extension: (Chrome IG Story) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-05-07]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]
CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-07]
CHR Extension: (Avira Browserschutz) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Tools for Instagram™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnadcdfjbjgojiilfdebbpiepokangj [2017-05-07]
CHR Extension: (Fair AdBlocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-07-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-07]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Fast search) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-07-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-07-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 chip1click; "C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-14] (Avira Operations GmbH & Co.
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] () S3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [104600 2012-11-19] (Atheros Communications, Inc.) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-16] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-16] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-16] (Malwarebytes) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-16] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-16] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-16] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-16] (Malwarebytes) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.) 
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-07-16 14:48 - 2017-07-16 14:49 - 00017847 _____ C:\Users\User\Downloads\FRST.txt 2017-07-16 14:47 - 2017-07-16 14:47 - 02435584 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2017-07-16 14:44 - 2017-07-16 14:44 - 00005608 _____ C:\Users\User\Desktop\mbam.txt 2017-07-16 11:36 - 2017-07-16 14:42 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-07-16 11:35 - 2017-07-16 12:13 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-07-16 11:35 - 2017-07-16 11:35 - 00000000 ___DC C:\Program Files\Malwarebytes 2017-07-16 11:35 - 2017-07-16 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-07-16 11:35 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-07-16 03:20 - 2017-07-16 03:20 - 00001540 _____ C:\Windows\Tasks\Pingpes Backdooks D-Jur.job 2017-07-15 11:43 - 2017-07-15 11:43 - 00000000 ____D C:\Users\User\Desktop\PC 2017-07-15 11:18 - 2017-07-15 11:20 - 65033984 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-07-15 11:15 - 2017-07-15 11:15 - 00001962 _____ C:\Users\User\Desktop\adwcleaner.txt 2017-07-14 15:00 - 2017-07-14 15:00 - 00002946 _____ C:\Windows\System32\Tasks\{B2923350-7A34-4DE4-A0B6-B894437E289C} 2017-07-14 14:55 - 2017-07-14 14:55 - 00002946 _____ C:\Windows\System32\Tasks\{A7B6C4CF-F174-46E9-9446-8F5C7993C6B3} 2017-07-14 14:09 - 2017-07-16 03:04 - 01691136 _____ (Microsoft Corporation) 
C:\Windows\system32\aitstatic.exe 2017-07-14 14:09 - 2017-07-16 03:04 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-07-14 14:09 - 2017-07-16 03:04 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 02899456 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-07-14 14:08 - 2017-07-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-07-14 14:08 - 2017-07-16 03:03 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-07-14 14:08 - 2017-07-16 03:03 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-07-14 14:08 - 2017-07-16 03:03 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01363968 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\Query.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00693248 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx 2017-07-14 14:08 - 2017-07-16 03:03 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll 
2017-07-14 14:08 - 2017-07-16 03:03 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-07-14 14:08 - 2017-07-16 03:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx 2017-07-14 14:08 - 2017-07-16 03:03 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-07-14 14:08 - 2017-07-16 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe 2017-07-14 14:08 - 2017-07-16 
03:03 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-07-14 14:08 - 2017-07-16 03:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-07-14 14:08 - 
2017-07-16 03:03 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-07-14 14:08 
- 2017-07-16 03:03 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-07-14 14:08 - 2017-07-16 03:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-07-14 14:08 - 2017-07-16 03:03 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-07-14 14:08 
- 2017-07-16 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-07-14 14:08 - 2017-07-16 03:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-07-14 14:08 - 
2017-07-16 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-07-14 14:08 - 2017-07-16 03:03 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-07-14 14:08 - 2017-07-16 03:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-07-14 14:08 - 2017-07-06 06:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys 2017-07-14 13:57 - 2017-07-14 13:57 - 04110280 _____ C:\Users\User\Desktop\adwcleaner_6.047.exe 2017-07-13 12:58 - 2017-07-13 13:20 - 00216972 _____ C:\TDSSKiller.3.1.0.15_13.07.2017_12.58.14_log.txt 2017-07-13 12:49 - 2017-07-16 14:48 - 00000000 ____D 
C:\FRST 2017-07-11 13:00 - 2017-07-11 13:00 - 00000218 _____ C:\Users\User\AppData\Local\recently-used.xbel 2017-07-11 10:49 - 2017-07-11 10:50 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.exe 2017-07-11 09:23 - 2017-07-11 09:23 - 00000000 ____D C:\Windows\pss 2017-07-11 08:50 - 2017-07-11 09:25 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2017-07-11 08:33 - 2017-07-11 08:33 - 00058016 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2017-07-10 22:11 - 2017-07-16 03:23 - 00268536 _____ C:\Windows\system32\FNTCACHE.DAT 2017-07-10 20:27 - 2017-07-16 14:44 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2017-07-10 16:29 - 2017-07-10 16:29 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-07-10 16:29 - 2017-07-10 16:29 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-07-10 16:19 - 2017-07-10 16:21 - 44887856 _____ C:\Users\User\Downloads\Firefox Setup 54.0.exe 2017-07-09 21:22 - 2017-07-15 23:40 - 00000000 ____D C:\Windows.old 2017-07-09 20:31 - 2017-07-09 20:31 - 00000004 _____ C:\ProgramData\_lg.3sap 2017-07-09 20:29 - 2017-07-16 03:20 - 00016754 _____ C:\Windows\System32\Tasks\Pingpes Backdooks D-Jur 2017-07-09 20:27 - 2017-07-09 20:46 - 00000000 ___DC C:\Program Files (x86)\BestCleanerW 2017-07-09 20:26 - 2017-07-10 20:27 - 00000000 ____D C:\ProgramData\WindowsErrorReporting 2017-07-09 20:26 - 2017-07-09 20:46 - 00003156 _____ C:\Windows\System32\Tasks\3e90bb1c6f886d4faf5a00d311015ade 2017-07-07 09:14 - 2017-07-07 09:14 - 00051621 _____ C:\Windows\uninstaller.dat 2017-07-01 17:57 - 2017-07-01 17:57 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2017-07-01 17:57 - 2017-07-01 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-06-25 16:53 - 2017-06-25 16:53 - 52553728 _____ (Hammer & Chisel, Inc.) 
C:\Users\User\Downloads\DiscordSetup.exe 2017-06-24 12:35 - 2017-06-24 12:37 - 34831833 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E11.Kassette.6.Seite.A.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part 2017-06-24 12:34 - 2017-06-24 12:47 - 22560217 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E05.Kassette.3.Seite.A.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part 2017-06-24 12:34 - 2017-06-24 12:37 - 71286233 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E10.Kassette.5.Seite.B.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part 2017-06-24 12:32 - 2017-06-24 12:43 - 69074386 _____ C:\Users\User\Downloads\Tote.Maedchen.luegen.nicht.S01E08.Kassette.4.Seite.B.REPACK.German.DD51.720p.NetflixUHD.x264-TVS.mkv.mp4.part 2017-06-18 00:54 - 2017-06-19 19:40 - 00000000 ____D C:\Users\User\AppData\LocalLow\BitTorrent ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-07-16 14:42 - 2016-02-06 20:28 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-07-16 14:42 - 2016-02-06 20:26 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-07-16 14:42 - 2016-02-06 20:26 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-07-16 14:41 - 2013-11-28 03:14 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-16 14:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-16 14:39 - 2017-04-14 21:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify 2017-07-16 14:39 - 2009-07-14 05:20 - 00000000 ___DC C:\Program Files\Pingpes Backdooks D-Jur 2017-07-16 11:36 - 2016-02-06 20:26 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-07-16 11:35 - 2016-02-06 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-07-16 10:39 - 2014-11-17 20:28 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{750A8533-2060-42A5-8FEC-823ADDDF5A6A} 2017-07-16 07:25 - 2009-07-14 06:45 - 00033776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-07-16 07:25 - 2009-07-14 06:45 - 00033776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-07-16 04:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2017-07-16 03:19 - 2014-12-10 18:48 - 00000000 ____D C:\Windows\system32\appraiser 2017-07-15 11:28 - 2016-08-02 23:30 - 00000000 ____D C:\Users\User\AppData\Roaming\WhatsApp 2017-07-15 11:15 - 2013-07-15 13:29 - 00000000 ____D C:\Windows\system32\MRT 2017-07-15 03:57 - 2015-02-24 16:33 - 00001050 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-07-15 03:57 - 2012-04-22 04:16 - 00001050 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-07-15 03:06 - 2015-01-15 01:34 - 00000000 ____D C:\AdwCleaner 2017-07-15 03:05 
- 2013-07-14 17:33 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-07-14 14:41 - 2015-02-24 16:33 - 00000000 ____D C:\Users\Gast 2017-07-14 14:41 - 2014-11-19 13:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2017-07-14 14:41 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\servicing 2017-07-14 14:41 - 2009-07-14 05:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared 2017-07-14 14:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2017-07-14 14:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2017-07-12 22:44 - 2014-11-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-07-12 09:30 - 2014-11-17 21:50 - 00803328 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-07-12 09:30 - 2014-11-17 21:50 - 00144896 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-07-12 09:30 - 2014-11-17 21:50 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-07-12 09:30 - 2014-11-17 21:50 - 00000000 ___DC C:\Windows\SysWOW64\Macromed 2017-07-12 09:30 - 2014-11-17 21:50 - 00000000 ____D C:\Windows\system32\Macromed 2017-07-11 23:58 - 2015-01-06 14:47 - 00000000 ___DC C:\Program Files (x86)\Steam 2017-07-11 23:49 - 2017-04-14 21:24 - 00000000 ____D C:\Users\User\AppData\Local\Spotify 2017-07-11 20:45 - 2013-11-26 13:14 - 00000000 ____D C:\ProgramData\Package Cache 2017-07-11 12:34 - 2017-04-11 08:58 - 00000000 ____D C:\Users\User\AppData\Roaming\inkscape 2017-07-11 09:25 - 2014-11-17 21:52 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2017-07-11 08:33 - 2013-11-28 03:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-07-11 08:31 - 2011-06-26 22:08 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini 2017-07-10 20:45 - 2017-01-07 21:24 - 00000000 ____D C:\Users\User\Desktop\Vicky 2017-07-10 16:19 - 2017-04-23 03:33 - 00000000 ____D C:\ProgramData\VMware 2017-07-10 
15:21 - 2014-12-02 15:08 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client 2017-07-10 15:19 - 2017-01-26 14:37 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent 2017-07-09 23:17 - 2009-07-14 19:58 - 17276452 _____ C:\Windows\system32\perfh007.dat 2017-07-09 23:17 - 2009-07-14 19:58 - 05387018 _____ C:\Windows\system32\perfc007.dat 2017-07-09 23:17 - 2009-07-14 07:13 - 00006810 _____ C:\Windows\system32\PerfStringBackup.INI 2017-07-09 20:36 - 2017-05-07 19:14 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-07-09 20:36 - 2017-05-07 19:14 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-07-09 20:05 - 2015-04-07 11:56 - 00000000 ____D C:\Users\User\Downloads\Games 2017-07-05 17:27 - 2015-06-22 20:39 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client 2017-07-05 17:15 - 2016-10-01 17:26 - 00000000 ____D C:\Users\User\Downloads\EMAG 2017-07-01 17:57 - 2015-12-12 21:51 - 00000000 __RDC C:\Program Files (x86)\Skype 2017-07-01 17:57 - 2015-02-21 19:31 - 00000000 ___DC C:\Program Files (x86)\TeamSpeak 3 Client 2017-07-01 17:57 - 2014-11-19 13:20 - 00000000 ____D C:\ProgramData\Skype 2017-07-01 10:22 - 2017-03-26 09:23 - 00002171 _____ C:\Users\User\Desktop\WhatsApp.lnk 2017-07-01 10:22 - 2017-03-26 09:22 - 00000000 ____D C:\Users\User\AppData\Local\WhatsApp 2017-07-01 10:22 - 2016-08-02 23:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2017-06-24 12:30 - 2017-01-26 14:37 - 00000000 ____D C:\Users\User\Downloads\Torrent ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-09-29 21:50 - 2016-09-29 21:50 - 19447608 ____C () C:\Program Files (x86)\openoffice1.cab 2016-09-29 21:50 - 2016-09-29 21:50 - 0626688 ____C () C:\Program Files (x86)\openoffice413.msi 2016-09-29 21:50 - 2016-09-29 21:50 - 0478720 ____C () C:\Program Files (x86)\setup.exe 2016-09-29 21:50 - 2016-09-29 21:50 - 0000291 ____C () C:\Program Files 
(x86)\setup.ini 2015-06-22 00:28 - 2015-06-22 14:23 - 0000124 _____ () C:\Users\User\AppData\Roaming\Camdata.ini 2015-06-22 00:28 - 2015-06-22 14:23 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini 2015-06-22 00:28 - 2015-06-22 14:23 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini 2015-06-22 00:28 - 2015-06-22 14:23 - 0004537 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg 2015-06-22 00:29 - 2015-06-22 13:50 - 0000000 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.Data.ini 2015-06-22 00:29 - 2015-06-22 13:50 - 0001206 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.ini 2015-03-15 23:48 - 2015-03-15 22:06 - 0360448 _____ () C:\Users\User\AppData\Roaming\cert8.db 2015-03-15 23:48 - 2015-03-15 22:06 - 0016384 _____ () C:\Users\User\AppData\Roaming\key3.db 2015-03-15 23:48 - 2014-11-17 21:29 - 0294912 _____ () C:\Users\User\AppData\Roaming\signons.sqlite 2016-11-25 17:30 - 2017-02-23 23:46 - 0011776 ___SH () C:\Users\User\AppData\Roaming\Thumbs.db 2015-01-25 12:22 - 2015-01-25 12:22 - 0096645 _____ () C:\Users\User\AppData\Roaming\UserTile.png 2015-06-22 00:27 - 2015-06-22 14:19 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml 2015-03-15 23:49 - 2015-03-24 15:28 - 0000004 _____ () C:\Users\User\AppData\Local\checkings.aad 2015-06-22 00:15 - 2015-06-22 00:15 - 0001429 _____ () C:\Users\User\AppData\Local\RecConfig.xml 2017-07-11 13:00 - 2017-07-11 13:00 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel 2016-10-08 19:40 - 2016-10-25 22:56 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2015-03-15 23:48 - 2015-03-15 23:48 - 0000000 _____ () C:\Users\User\AppData\Local\WindowsLive24.cfg 2017-07-09 20:31 - 2017-07-09 20:31 - 0000004 _____ () C:\ProgramData\_lg.3sap Einige Dateien in TEMP: ==================== 2015-02-24 16:34 - 2015-02-24 16:34 - 0000000 ____D () C:\Users\Gast\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ====================== (Es ist 
kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-07-13 13:52
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-07-2017 durchgeführt von User (16-07-2017 14:49:53) Gestartet von C:\Users\User\Downloads Windows 7 Professional Service Pack 1 (X64) (2012-04-22 02:15:04) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3928150652-2756980015-3035233101-500 - Administrator - Disabled) Gast (S-1-5-21-3928150652-2756980015-3035233101-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-3928150652-2756980015-3035233101-1002 - Limited - Enabled) User (S-1-5-21-3928150652-2756980015-3035233101-1000 - Administrator - Enabled) => C:\Users\User ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated) AION Free-to-Play (HKLM\...\Steam App 261430) (Version: - NCSOFT) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.28.28 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. 
KG) Hidden Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) BitTorrent (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.) Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Blameless (HKLM\...\Steam App 530330) (Version: - Vaclav Hudec) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Crush Crush (HKLM\...\Steam App 459820) (Version: - Sad Panda Studios) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC) FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Inkscape 0.92.1 (HKLM-x32\...\Inkscape) (Version: 0.92.1 - Inkscape Project) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation) ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) League of Legends (HKLM-x32\...\{C56877FD-6BEB-4717-81B3-1254FA1FD7FC}) (Version: 4.2.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7151.5001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 
(HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) osu! (HKLM-x32\...\{6dd88fd3-293e-4a6e-938e-8c97fadd3a42}) (Version: latest - ppy Pty Ltd) PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - ) PCKAVLang.de (HKLM\...\{B0864033-83D7-404D-A19E-D19BF584504D}) (Version: 1.0.0 - Essentware) Hidden Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) 
Hidden PowerLine Utility (HKLM-x32\...\{A0384ECE-2017-4EA8-86C7-513ACB936BDF}) (Version: 1.1.830 - TP-LINK) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Sakura Clicker (HKLM\...\Steam App 383080) (Version: - Winged Cloud) SENRAN KAGURA SHINOVI VERSUS (HKLM\...\Steam App 411830) (Version: - Tamsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) 
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WhatsApp (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\WhatsApp) (Version: 0.2.5093 - WhatsApp) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers01: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2010-09-27] (Atheros Commnucations) ContextMenuHandlers01: [PDFArchitect3_PDFManagerExt] -> {7519DD38-AA6F-4250-8E81-F1576DA1A05E} => -> Keine Datei ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-07-12] (Avira Operations GmbH & Co. 
KG) ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-03] (Alexander Roshal) ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Keine Datei ContextMenuHandlers03: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2010-09-27] (Atheros Commnucations) ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-02] (Intel Corporation) ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-09-13] (NVIDIA Corporation) ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-07-12] (Avira Operations GmbH & Co. KG) ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-03] (Alexander Roshal) ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {08A2267C-B494-4901-9B22-97F429C6A96D} - System32\Tasks\{DA9E8166-91A1-4601-87CA-2FACC0525EE4} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Games\The_Train.exe -d C:\Users\User\Downloads\Games Task: {0B7C38DC-8570-4DC5-9C5B-77591AAE5FEC} - System32\Tasks\{A4BD883D-5AAE-40CA-98C3-57CE1FF3FFA0} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\Temp\jre-8u121-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_31\bin" -c /installmethod=jau-m FAMILYUPGRADE=1 <==== ACHTUNG Task: {0CAF157A-8E4A-4CC6-B28D-AD3D07D5941B} - System32\Tasks\{A7B6C4CF-F174-46E9-9446-8F5C7993C6B3} => C:\Users\User\Desktop\adwcleaner_6.047.exe [2017-07-14] () Task: {203FBF50-1CB5-44BE-A153-E8106B61DEA1} - System32\Tasks\Opera scheduled Autoupdate 1446767196 => C:\Program Files (x86)\Opera\launcher.exe Task: {21B1F005-8405-484C-A734-BAFA294ED322} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {2D26ACB9-52FD-4B42-98E1-29BF44A7E3A0} - System32\Tasks\{B2923350-7A34-4DE4-A0B6-B894437E289C} => C:\Users\User\Desktop\adwcleaner_6.047.exe [2017-07-14] () Task: {2E57C7A1-3C07-47EA-AC22-08E163594D06} - System32\Tasks\Pingpes Backdooks D-Jur => C:\Windows\system32\rundll32.exe "C:\Program Files\Pingpes Backdooks D-Jur\Pingpes Backdooks D-Jur.dll",TFzhjZUrCEV <==== ACHTUNG Task: {4AA873DE-D6E9-4DFD-87BE-59DD93F52A70} - System32\Tasks\{F20316E4-BA12-4DA3-AC0B-FDA5F5567EEE} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Games\SWitchApril\instmsiw.exe -d C:\Users\User\Downloads\Games\SWitchApril Task: {4F82B00E-2A19-4CF8-BA57-E158783E661D} - System32\Tasks\{275E6FCE-3CE4-40B5-9D54-E2744A0778E5} => C:\Users\User\Downloads\Hikari_Client_4.0\metin2client.exe Task: {69166271-1DAD-4D13-848C-6D416880DF73} - System32\Tasks\{20664C7B-0B6F-4F27-806B-88D1FD59D941} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/de/abandoninstall?page=tsProgressBar Task: {83D0C718-F7CE-4F3D-AA5E-BFA06ABB7FB3} - 
System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {973F7724-1CEE-462E-8011-1069926DF72F} - System32\Tasks\3e90bb1c6f886d4faf5a00d311015ade => sc start 3e90bb1c6f886d4faf5a00d311015ade <==== ACHTUNG Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 -> Keine Datei <==== ACHTUNG Task: {A18A184B-93F4-4D76-BB82-C0F27A05AC96} - System32\Tasks\{580F1748-3FC3-4038-88A0-4EF3CAA68E93} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\User\Downloads -c "C:\Users\User\Downloads\ClownfishVoiceChanger-v1.50.ts3_plugin" Task: {CD5B7193-F213-4D95-B546-DED728E1D765} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.) Task: {D1D0BE92-11F7-4EC1-BE31-8E1A1168199B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.) Task: {E50265E5-6FAC-4F0F-891A-CC30BC3FB643} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {EE584CFC-8A13-472D-A4B4-1F97AB6D2A1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Pingpes Backdooks D-Jur.job => rundll32.exe C:\Program Files\Pingpes Backdooks D-Jur\Pingpes Backdooks D-Jur.dll ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --disable-quic ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-11-28 03:11 - 2014-09-13 23:53 - 00116880 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe 2016-11-13 16:30 - 2016-06-15 03:14 - 00369208 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 01148984 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 03613240 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 00289848 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2017-07-16 11:35 - 2017-06-27 12:06 - 02260432 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 01990200 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 02667576 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 01842232 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 00208952 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-11-13 16:30 - 
2016-06-15 03:14 - 00035896 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-11-13 16:30 - 2016-06-15 03:14 - 00921656 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-09-15 16:17 - 2016-06-15 03:14 - 00020536 ____C () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\localhost -> localhost ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2009-07-14 04:34 - 2017-07-15 04:02 - 00013480 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 gf.tools.avast.com 127.0.0.1 pair.ff.avast.com 127.0.0.1 ipm-provider.ff.avast.com 127.0.0.1 ipm-provider.ff.avast.com 127.0.0.1 ipm-provider.ff.avast.com 127.0.0.1 id.avast.com 127.0.0.1 v4618535.iavs9x.u.avast.com 127.0.0.1 v4618535.ivps9x.u.avast.com 127.0.0.1 v4618535.ivps9tiny.u.avast.com 127.0.0.1 v4618535.vpsnitro.u.avast.com 127.0.0.1 v4618535.vpsnitrotiny.u.avast.com 127.0.0.1 v4618535.iavs5x.u.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7event.stats.avast.com 127.0.0.1 sm00.avast.com 127.0.0.1 submit5.avast.com 127.0.0.1 geoip.avast.com 127.0.0.1 w9448963.iavs9x.u.avast.com 127.0.0.1 w9448963.ivps9x.u.avast.com 127.0.0.1 w9448963.ivps9tiny.u.avast.com 127.0.0.1 w9448963.vpsnitro.u.avast.com 127.0.0.1 w9448963.vpsnitrotiny.u.avast.com 127.0.0.1 w9448963.iavs5x.u.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7event.stats.avast.com 127.0.0.1 sm00.avast.com 127.0.0.1 submit5.avast.com 127.0.0.1 geoip.avast.com Da befinden sich 330 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CPP0D1OSM0ZS034 => "C:\Program Files (x86)\epjstlknuyy\MT9UO.exe" MSCONFIG\startupreg: J04Y3GW8HW5PAVO => "C:\Program Files\KAH3FC0OVH\KAH3FC0OV.exe" MSCONFIG\startupreg: jkpqeiuqbhj => "C:\Users\User\AppData\Roaming\njgitzjglko\4qrjsgb0rkz.exe" MSCONFIG\startupreg: LV5IQW1LD5AI3VR => "C:\Program Files\9BZ4ZF8LP6\9BZ4ZF8LP.exe" MSCONFIG\startupreg: MM9G1BE274JN28O => "C:\Program Files\5NR6OJUYK5\14SM4L2KC.exe" MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: PB8D8MS9KGNAR84 => "C:\Program Files\3P8FHHK995\3P8FHHK99.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{38CEEED0-D85E-41CF-B253-CED0F36A65B4}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{F7754A58-954C-432F-BD91-E730D211E301}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{B24E4427-21AC-469C-8A62-B0EC0194F40F}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [TCP Query User{2052FD6C-5D23-4E4E-B645-AE1FFDB84CE9}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{5454E5DA-F9DC-40A3-B6BD-849242752AAC}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe ==================== Wiederherstellungspunkte ========================= 11-07-2017 09:20:42 Removed PCKLang.de 11-07-2017 09:22:29 Removed AccountService 13-07-2017 03:00:23 Windows Update 14-07-2017 14:09:48 Windows Update 15-07-2017 03:57:46 Windows Defender Checkpoint 16-07-2017 03:00:14 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (07/16/2017 03:24:09 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. 
Error: (07/16/2017 03:23:59 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/16/2017 03:23:38 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/16/2017 03:10:21 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files\ccleaner\CCleaner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (07/15/2017 11:38:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files\CCleaner\CCleaner64.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/15/2017 11:38:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files\CCleaner\CCleaner64.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/15/2017 11:12:38 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/15/2017 11:12:25 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/15/2017 11:11:36 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur. Error: (07/15/2017 04:55:01 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files\ccleaner\CCleaner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Systemfehler: ============= Error: (07/16/2017 02:41:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "chip 1-click download service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. 
Error: (07/16/2017 02:40:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (07/16/2017 02:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: Zugriff verweigert Error: (07/16/2017 11:36:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMProtection" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (07/16/2017 03:24:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (07/16/2017 03:23:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/16/2017 03:23:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/16/2017 03:23:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "chip 1-click download service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (07/15/2017 11:12:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. 
Error: (07/15/2017 11:12:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2014-03-23 15:30:23.649 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-23 15:30:23.555 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Speicherinformationen =========================== Prozessor: AMD FX(tm)-6300 Six-Core Processor Prozentuale Nutzung des RAM: 34% Installierter physikalischer RAM: 8175.3 MB Verfügbarer physikalischer RAM: 5359.97 MB Summe virtueller Speicher: 16348.79 MB Verfügbarer virtueller Speicher: 13321 MB ==================== Laufwerke ================================ Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:146.07 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0DA7C2E8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
16.07.2017, 16:36 | #13 |
/// TB-Ausbilder | Mozilla is acting on its own Hi, I suspect that AdwCleaner and MBAM are being blocked. So please run the following with FRST:
|
17.07.2017, 16:48 | #14 |
| Mozilla is acting on its own Sorry, I forgot to carry out this step last time. Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-07-2017
durchgeführt von User (17-07-2017 17:45:45) Run:1
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & Gast)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Unlock: HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKCU\Software\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKCU\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Disallowed\Certificates
Unlock: HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKCU\Software\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKCU\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Disallowed\Certificates
ExportKey: HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
*****************

"HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKCU\Software\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKCU\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt
"HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates" => Schlüssel wurde entsperrt

================== ExportKey: ===================
==== Ende von Fixlog 17:45:46 ==== |
17.07.2017, 19:25 | #15 |
/// TB-Ausbilder | Mozilla is acting on its own Hi, please download AVCertClean to your desktop.
|