Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Combofix-Log-Auswertung für Neuling

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.09.2017, 22:02   #1
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Hallo! Ich bin ganz neu hier, also versteht es bitte, falls ich irgendwas falsch mache/gemacht habe.
Ich war heute auf meinem Amazon-Konto, weil ich etwas bestellen wollte. Als ich mich einloggen wollte, stand dort auf einmal im login eine andere als meine eigene Mail-Adresse. Es war eine Wegwerf-Adresse. Ich konnte mich allerdings mit meinem Passwort einloggen. Ich habe sofort alles geändert (Passwort und Mailadresse) und auch bei meinen beiden Mailadressen das Passwort geändert.
Ich muss dazu sagen, dass mir schon häufiger gesagt wurde, dass von einer meiner beiden Mailadressen komische Spam-Mails verschickt werden. Bisher dachte ich, das Problem wäre dadurch gelöst, dass ich ab und an mein Mail-Passwort ändere. Aber als das dann heute mit Amazon passiert ist, dachte ich, ich sollte mal meinen PC checken.
Durch googlen, was man da tun kann, bin ich auf das Programm Combofix gekommen. Als ich das Programm durchlaufen lassen habe, habe ich die angehängte log-Datei bekommen. Erst dann ist es mir mal in den Sinn bekommen, dass das kein Programm für Anfänger ist und ich absolut keine Ahnung habe, was ich nun machen soll. Ich hoffe, ihr könnt mir helfen. Ich habe leider wirklich keine Ahnung von solchen Sachen. Also erklärt es mir bitte idiotensicher...
Ich hoffe, jemand kann mir helfen!
Angehängte Dateien
Dateityp: txt ComboFix.txt (28,7 KB, 275x aufgerufen)

Alt 15.09.2017, 21:55   #2
M-K-D-B
/// TB-Ausbilder
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling









Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.



Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:
  1. Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.

  2. Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.

  3. Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!

  4. Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
    Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
    Außerdem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.


  5. Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!

  6. Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!

  7. Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.

  8. Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
    Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.


  9. Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.

  10. In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
    Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.





Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!







Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)







Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 18.09.2017, 21:15   #3
M-K-D-B
/// TB-Ausbilder
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM inklusive Link zum Thema an mich falls du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!
__________________
__________________

Alt 26.09.2017, 21:10   #4
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

verspätete Antwort



Entschuldigung nochmal, dass ich erst so spät antworte. Die Symptome sind leider nicht verschwunden. Von einem meiner Mailkontos werden offenbar weiterhin Spam-Mails verschickt, zumindest bekomme ich Bescheinigungen, dass eine meiner Mails nicht zugestellt werden konnte, die ich natürlich nicht geschickt habe... Ich verwende für die Mails übrigens Outlook, falls das wichtig ist.

Hier die Log-Dateien:
FRST.TXT:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01
durchgeführt von Johannes (Administrator) auf JOHANNES-PC (26-09-2017 20:50:59)
Gestartet von C:\Users\Johannes\Downloads
Geladene Profile: Johannes (Verfügbare Profile: Johannes & Uni & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8069024 2013-11-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6201248 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53649;https=127.0.0.1:53649
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{62DD59A3-AECC-42F1-B257-BDC13679AEF5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79D2D9C7-490F-4EFB-8BCE-C515442DF0E0}: [NameServer] 141.30.1.1,141.76.14.1
Tcpip\..\Interfaces\{84567B36-88A2-4704-894E-0EF333596947}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-24] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-31] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-31] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9ira0lt3.default
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Zotero\Zotero\Profiles\9ira0lt3.default [2017-09-26]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2017-09-22] [ist nicht signiert]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2017-09-22] [ist nicht signiert]
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default [2017-09-24]
FF Extension: (spottster.com) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\com.spottster.addon.firefox@jetpack.xpi [2016-04-27]
FF Extension: (Security Protection) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\detgdp@gmail.com [2015-01-01] [ist nicht signiert]
FF Extension: (Der Camelizer) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\izer@camelcamelcamel.com.xpi [2017-09-08]
FF Extension: (Zotero) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-09-16]
FF Extension: (Gutscheinaffe) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2017-09-08]
FF Extension: (Adblock Plus) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-11-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1420131101&from=wpm12311&uid=HGSTXHTS545032A7E380_TMA45C480EH8YM0EH8YMX
CHR Profile: C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default [2017-09-26]
CHR Extension: (Google Präsentationen) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-02]
CHR Extension: (Google Docs) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
CHR Extension: (YouTube) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google-Suche) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-02]
CHR Extension: (Скачать музыку Вконтакте) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hanjiajgnonaobdlklncdjdmpbomlhoa [2017-09-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
CHR Extension: (Citavi Picker) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-29]
CHR Extension: (Google Mail) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-07-04] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-07-04] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-07-04] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-20] (Dropbox, Inc.)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-01-28] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [204096 2014-01-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310960 2016-10-30] (Overwolf LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ACHTUNG (kein ServiceDLL)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-04] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-04] (Bluestack System Inc. )
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl72c8e1eb; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C632B318-AEC6-418D-A8E7-88E405E6B684}\MpKsl72c8e1eb.sys [44928 2017-09-26] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-07] (Vimicro Corporation)
R3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
S2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-26 20:50 - 2017-09-26 20:52 - 000022403 _____ C:\Users\Johannes\Downloads\FRST.txt
2017-09-26 20:50 - 2017-09-26 20:50 - 000000000 ____D C:\FRST
2017-09-26 20:35 - 2017-09-26 20:50 - 002399744 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2017-09-25 11:57 - 2017-09-25 11:57 - 000322469 _____ C:\Users\Johannes\Downloads\006.VG-chapter.pdf
2017-09-24 19:57 - 2017-09-25 10:41 - 000009008 _____ C:\Users\Johannes\Desktop\Kopfschmerztagebuch.xlsx
2017-09-23 10:39 - 2017-09-23 10:39 - 000408444 _____ C:\Users\Johannes\Downloads\9783658139315-c2.pdf
2017-09-23 08:54 - 2017-09-23 08:54 - 000001536 _____ C:\Users\Johannes\Desktop\Bachelorarbeit - Verknüpfung.lnk
2017-09-21 21:58 - 2017-09-21 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-21 15:12 - 2017-09-21 15:12 - 000060438 _____ C:\Users\Johannes\Downloads\STUDIIBescheinigungImmaoU (1).pdf
2017-09-20 18:48 - 2017-09-20 18:48 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-09-20 18:48 - 2017-09-20 18:48 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-09-20 18:48 - 2017-09-20 18:48 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-09-20 18:48 - 2017-09-20 18:48 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-09-18 19:11 - 2017-09-18 19:11 - 001201048 _____ C:\Windows\Minidump\091817-44491-01.dmp
2017-09-18 19:10 - 2017-09-18 19:10 - 537626535 _____ C:\Windows\MEMORY.DMP
2017-09-18 15:32 - 2017-09-18 15:32 - 002378571 _____ C:\Users\Johannes\Downloads\8518.pdf
2017-09-15 21:30 - 2017-09-15 21:30 - 000002613 _____ C:\Users\Johannes\Downloads\ComboFix-quarantined-files.txt
2017-09-15 20:33 - 2017-09-15 20:39 - 008182736 _____ (Malwarebytes) C:\Users\Johannes\Desktop\adwcleaner_7.0.2.1.exe
2017-09-15 20:25 - 2017-09-15 20:25 - 000003250 _____ C:\Windows\System32\Tasks\{18D5BFA1-9370-419A-94F5-CB77D4444E16}
2017-09-15 15:12 - 2017-09-15 15:12 - 000006438 _____ C:\Users\Johannes\Downloads\{397648F0-6BA8-4BC9-B8EC-02A1F0C4C208}.xls
2017-09-14 22:04 - 2017-09-14 22:04 - 000029401 _____ C:\Users\Johannes\Downloads\ComboFix.txt
2017-09-14 21:40 - 2017-09-14 21:40 - 000029401 _____ C:\ComboFix.txt
2017-09-14 21:05 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2017-09-14 21:05 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2017-09-14 21:05 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2017-09-14 20:56 - 2017-09-14 21:05 - 000306107 _____ (Swearware) C:\Users\Johannes\Downloads\Nicht bestätigt 166292.crdownload
2017-09-14 20:54 - 2017-09-14 21:40 - 000000000 ____D C:\Qoobox
2017-09-14 20:53 - 2017-09-14 21:37 - 000000000 ____D C:\Windows\erdnt
2017-09-14 20:47 - 2017-09-14 20:48 - 005660248 ____R (Swearware) C:\Users\Johannes\Downloads\ComboFix.exe
2017-09-13 08:14 - 2017-08-19 17:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 08:14 - 2017-08-16 17:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 08:14 - 2017-08-16 17:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 08:14 - 2017-08-16 16:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 08:14 - 2017-08-16 03:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 08:14 - 2017-08-16 02:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 08:14 - 2017-08-15 17:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 08:14 - 2017-08-15 17:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 08:14 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 08:14 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 08:14 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 08:14 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 08:14 - 2017-08-14 19:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 08:14 - 2017-08-13 23:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 08:14 - 2017-08-13 23:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 08:14 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 08:14 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 08:14 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 08:14 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 08:14 - 2017-08-13 18:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-13 08:14 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 08:14 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 08:14 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 08:14 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 08:14 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 08:14 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 08:14 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 08:14 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 08:14 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 08:14 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 08:14 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 08:14 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 08:14 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 08:14 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 08:14 - 2017-08-11 08:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 08:14 - 2017-08-11 08:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 08:14 - 2017-08-11 08:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 08:14 - 2017-08-11 08:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-13 08:14 - 2017-08-11 08:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-13 08:14 - 2017-08-11 08:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 08:14 - 2017-08-11 08:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 08:14 - 2017-08-11 08:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 08:14 - 2017-08-11 08:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 08:14 - 2017-08-11 08:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 08:14 - 2017-08-11 08:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 08:14 - 2017-08-11 08:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 08:14 - 2017-08-11 08:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 08:14 - 2017-08-11 08:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 08:14 - 2017-08-11 07:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 08:14 - 2017-08-11 07:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 08:14 - 2017-07-07 17:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 08:14 - 2017-07-07 17:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-13 08:13 - 2017-08-19 17:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 08:13 - 2017-08-15 17:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 08:13 - 2017-08-15 17:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 08:13 - 2017-08-15 16:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-13 08:13 - 2017-08-13 19:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-13 08:13 - 2017-08-13 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-13 08:13 - 2017-08-13 19:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-13 08:13 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 08:13 - 2017-08-13 19:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-13 08:13 - 2017-08-13 19:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-13 08:13 - 2017-08-13 19:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-13 08:13 - 2017-08-13 18:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-13 08:13 - 2017-08-13 18:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-13 08:13 - 2017-08-13 18:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-13 08:13 - 2017-08-13 18:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-13 08:13 - 2017-08-13 18:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-13 08:13 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 08:13 - 2017-08-13 18:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-13 08:13 - 2017-08-13 18:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-13 08:13 - 2017-08-13 18:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-13 08:13 - 2017-08-13 18:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-13 08:13 - 2017-08-13 18:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-13 08:13 - 2017-08-13 18:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-13 08:13 - 2017-08-13 18:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-13 08:13 - 2017-08-13 18:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-13 08:13 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 08:13 - 2017-08-13 18:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-13 08:13 - 2017-08-13 18:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-13 08:13 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 08:13 - 2017-08-13 18:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-13 08:13 - 2017-08-13 18:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-13 08:13 - 2017-08-13 18:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-13 08:13 - 2017-08-13 18:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-13 08:13 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 08:13 - 2017-08-13 18:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-13 08:13 - 2017-08-13 18:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-13 08:13 - 2017-08-13 18:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-13 08:13 - 2017-08-13 18:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-13 08:13 - 2017-08-13 18:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-13 08:13 - 2017-08-13 18:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-13 08:13 - 2017-08-13 17:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-13 08:13 - 2017-08-13 17:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-13 08:13 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 08:13 - 2017-08-13 17:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-13 08:13 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 08:13 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 08:13 - 2017-08-11 08:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 08:13 - 2017-08-11 08:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 08:13 - 2017-08-11 08:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 08:13 - 2017-08-11 08:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 08:13 - 2017-08-11 08:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 08:13 - 2017-08-11 08:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 08:13 - 2017-08-11 08:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-13 08:13 - 2017-08-11 08:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 08:13 - 2017-08-11 08:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 08:13 - 2017-08-11 08:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 08:13 - 2017-08-11 08:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 08:13 - 2017-08-11 08:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-13 08:13 - 2017-08-11 08:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-13 08:13 - 2017-08-11 07:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 08:13 - 2017-08-11 07:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 08:13 - 2017-08-11 07:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-13 08:13 - 2017-08-11 07:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-13 08:13 - 2017-08-11 07:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 08:13 - 2017-08-11 07:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-13 08:13 - 2017-08-11 07:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 08:13 - 2017-08-11 07:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 08:13 - 2017-08-11 07:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 08:13 - 2017-08-11 07:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 08:13 - 2017-08-11 07:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-12 09:22 - 2017-09-12 09:23 - 000263171 _____ C:\Users\Johannes\Downloads\Bewertung_Motivation.pdf
2017-09-10 14:05 - 2017-09-10 14:06 - 001437807 _____ C:\Users\Johannes\Downloads\8435.pdf
2017-09-08 10:57 - 2017-09-08 10:58 - 006111629 _____ C:\Users\Johannes\Downloads\fileadmin-user_upload-PDF-berichtsbaende-VuMA_2017_Berichtsband.pdf
2017-09-08 09:30 - 2017-09-08 09:31 - 000742603 _____ C:\Users\Johannes\Downloads\PIP_Teens_Games_and_Civics_Report_FINAL.pdf.pdf
2017-09-08 08:50 - 2017-09-08 08:50 - 001024060 _____ C:\Users\Johannes\Downloads\PI_2015-12-15_gaming-and-gamers_FINAL.pdf
2017-09-08 08:26 - 2017-09-08 08:26 - 000003034 _____ C:\Windows\System32\Tasks\{6B76AC51-6F5C-478A-9258-5552981164C2}
2017-09-08 08:26 - 2017-09-08 08:26 - 000003034 _____ C:\Windows\System32\Tasks\{57CC44A5-EFB1-4DA5-B38E-123E221D3461}
2017-09-07 19:18 - 2017-09-18 19:11 - 000000000 ____D C:\Windows\Minidump
2017-09-07 19:18 - 2017-09-07 19:19 - 001256824 _____ C:\Windows\Minidump\090717-44382-01.dmp
2017-09-07 09:58 - 2017-09-23 08:54 - 000000000 ____D C:\Users\Uni\Desktop\6.-7. Semester
2017-09-03 21:35 - 2017-09-04 12:59 - 000000000 ____D C:\Users\Johannes\Documents\Schweden-Krankenhaus
2017-09-01 10:47 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-09-01 10:47 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-09-01 10:47 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-09-01 10:47 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-09-01 10:47 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-01 10:47 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-09-01 10:46 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-09-01 10:46 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-09-01 10:46 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-09-01 10:46 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-09-01 10:46 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-09-01 10:46 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-09-01 10:46 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-09-01 10:46 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-09-01 10:46 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-09-01 10:46 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-09-01 10:46 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-09-01 10:46 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-01 10:46 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-01 10:46 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-09-01 10:46 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-09-01 10:46 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-09-01 10:46 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-09-01 10:46 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-26 20:41 - 2015-06-22 19:15 - 000001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-26 20:41 - 2015-06-22 19:15 - 000001214 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-26 20:37 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-26 20:37 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-26 20:17 - 2013-11-29 22:55 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-09-25 09:53 - 2014-06-22 20:41 - 000000000 ____D C:\Users\Johannes\AppData\Local\Battle.net
2017-09-24 20:51 - 2014-06-22 20:41 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-24 20:17 - 2014-06-22 20:53 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-22 15:04 - 2016-05-26 14:33 - 000000000 ____D C:\Program Files (x86)\Zotero Standalone
2017-09-22 09:52 - 2014-06-18 18:24 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-21 21:58 - 2015-06-22 19:15 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-19 08:28 - 2013-11-29 22:55 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-09-18 19:11 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-18 19:10 - 2016-11-16 11:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-18 19:10 - 2013-11-30 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-15 23:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-15 21:26 - 2015-01-01 19:03 - 000000000 ____D C:\AdwCleaner
2017-09-15 21:24 - 2013-12-15 16:51 - 000056320 ___SH C:\Users\Johannes\Thumbs.db
2017-09-15 21:18 - 2014-11-01 19:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-15 21:10 - 2015-05-26 19:56 - 000000000 ____D C:\ProgramData\Trymedia
2017-09-15 11:52 - 2016-06-25 11:35 - 000000000 ____D C:\Windows\pss
2017-09-15 08:50 - 2014-03-02 20:00 - 000000000 ____D C:\Users\Johannes\Desktop\sortieren
2017-09-14 21:35 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2017-09-14 11:34 - 2010-11-21 08:50 - 000702064 _____ C:\Windows\system32\perfh007.dat
2017-09-14 11:34 - 2010-11-21 08:50 - 000150698 _____ C:\Windows\system32\perfc007.dat
2017-09-14 11:34 - 2009-07-14 07:13 - 001627626 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-14 11:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-14 11:23 - 2009-07-14 06:45 - 000463016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-14 11:14 - 2013-11-29 17:03 - 000000000 ____D C:\Windows\system32\MRT
2017-09-14 11:06 - 2013-11-29 17:03 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-14 10:47 - 2013-11-29 19:08 - 001601906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-12 20:21 - 2013-11-30 14:14 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 20:21 - 2013-11-30 14:14 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 20:21 - 2013-11-30 14:14 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 20:20 - 2013-11-30 14:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 20:20 - 2013-11-30 14:14 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-08 08:30 - 2016-11-16 12:36 - 000000000 ____D C:\Users\Johannes\AppData\LocalLow\Mozilla
2017-09-07 19:46 - 2015-06-22 19:20 - 000000000 ___RD C:\Users\Johannes\Dropbox
2017-09-07 09:56 - 2014-11-05 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-09-07 09:56 - 2013-11-29 23:15 - 000000000 ____D C:\Program Files (x86)\Cisco
2017-09-07 09:55 - 2014-11-05 23:00 - 000000000 ____D C:\ProgramData\Cisco
2017-09-04 21:47 - 2015-05-28 15:46 - 000000000 ____D C:\Users\Johannes\AppData\Roaming\Audacity
2017-08-31 22:27 - 2015-07-03 21:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-31 22:25 - 2016-07-30 20:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-31 20:46 - 2015-04-01 12:32 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-03-13 20:56 - 2017-03-13 20:56 - 000001217 _____ () C:\Users\Johannes\AppData\Local\psppirerc
2017-03-13 20:56 - 2017-03-13 20:56 - 000010850 _____ () C:\Users\Johannes\AppData\Local\recently-used.xbel
2013-11-29 23:36 - 2013-11-29 23:37 - 000002205 _____ () C:\Users\Johannes\AppData\Local\WiDiSetupLog.20131129.223618.txt
2014-11-09 14:25 - 2014-11-09 14:25 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-11-14 18:52 - 2015-11-14 18:52 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
2017-09-15 20:23 - 2017-09-15 20:24 - 000740416 _____ (Oracle Corporation) C:\Users\Johannes\AppData\Local\Temp\jre-8u144-windows-au.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-02-13 15:16

==================== Ende von FRST.txt ============================
         

Alt 26.09.2017, 21:12   #5
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



hier die nächste Datei: (Ist es eigentlich möglich das im Nachhinein zu anonymisieren?)

ADDITION.TXT

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
durchgeführt von Johannes (26-09-2017 20:54:24)
Gestartet von C:\Users\Johannes\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-29 20:39:35)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3713904842-3737894215-1530784781-500 - Administrator - Disabled)
Gast (S-1-5-21-3713904842-3737894215-1530784781-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3713904842-3737894215-1530784781-1002 - Limited - Enabled)
Johannes (S-1-5-21-3713904842-3737894215-1530784781-1000 - Administrator - Enabled) => C:\Users\Johannes
Uni (S-1-5-21-3713904842-3737894215-1530784781-1003 - Administrator - Enabled) => C:\Users\Uni

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{169BAE78-A355-48F1-9A62-39F44804CE29}) (Version: 3.3.42.70280 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.42.70280 - Alcor Micro Corp.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.37.6239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.01044 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{D0D55FBB-BF2B-4B0D-9D0E-A4A0E1DB5DDF}) (Version: 4.5.01044 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.2.0.8 - Swiss Academic Software)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
Double Pack Burger Shop Deluxe (HKLM-x32\...\e868d14d921fe32308758a4cb836a5e2) (Version:  - Zylom)
Double Pack Burger Shop Deluxe (HKLM-x32\...\fb6b3d6a15f43a4190e1dbbde9562faf) (Version:  - Zylom)
Double Pack Delicious Deluxe (HKLM-x32\...\1cc19516e92a6f56c7aded5e04cdc19c) (Version:  - Zylom)
Dropbox (HKLM-x32\...\Dropbox) (Version: 35.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DX-Ball 1.09 (HKLM-x32\...\DX-Ball 1.09) (Version:  - )
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
GoGear SA5MXX_V2 Device Manager (HKLM-x32\...\{4BFC5335-CE8C-4F4E-A2E6-8B07CF599D10}) (Version: 1.00 - Ihr Firmenname)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.26.00.06 - Huawei Technologies Co.,Ltd)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Inquisit 4 Web Player (HKLM\...\{E8620E4B-8567-4E07-8CDB-8432054BD5B2}) (Version: 4.0.8.0 - Millisecond Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Microsoft .NET Framework 4.7 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.99.11.0 - Overwolf Ltd.)
PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PokeMMO (HKLM-x32\...\PokeMMO_is1) (Version:  - PokeMMO)
PSPP (HKLM-x32\...\PSPP) (Version: 0.10.4 - Free Software Foundation, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3520 series Produkten (HKLM\...\{A5BB6A58-BC1A-48A7-BB19-1768A80CF9C9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Supermarket Mania(R) 2 (HKLM-x32\...\be45c0c959302115103bb04dd55d7f0e) (Version:  - Zylom)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VMware Player (HKLM\...\{537B7F85-2B95-44ED-8D90-765F6F36D666}) (Version: 12.1.1 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.3.00000 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-07] (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {19D2B353-6DBC-4BF1-9CD1-CCE09B2AA089} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-10-30] (Overwolf LTD)
Task: {1F233AE9-CB44-42FA-B08C-92DE4EE4130B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {2326A950-472A-4873-BA62-B7126E35C731} - System32\Tasks\{57CC44A5-EFB1-4DA5-B38E-123E221D3461} => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2017-07-22] (Cisco Systems, Inc.)
Task: {32A9273B-7018-419C-BEA4-6F00442F2364} - System32\Tasks\{D98EF6B9-006A-4E46-AE6D-841589A58BBD} => C:\Users\Johannes\Downloads\Hearthstone Deck Tracker.exe [2015-11-12] (Epix)
Task: {3E17BFD9-E7AB-4F29-9951-694035CF64B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-24] (Microsoft Corporation)
Task: {49E38F27-DA06-4241-BFCE-4B874079CC2C} - System32\Tasks\{C72AD2AA-8132-4720-AED8-A13A3710BE2C} => C:\Users\Johannes\Downloads\Hearthstone Deck Tracker.exe [2015-11-12] (Epix)
Task: {5C0E729D-17DB-4BB6-9819-219E7CA3B097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5CF595C5-EC47-4EFB-A448-DBDA0CB6F349} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {71CCF520-0BC5-46CF-896D-2A2D75A0E701} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {78100506-D6F0-47D6-B9A0-E30F7576D5CC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {7DC8FC9A-121E-4047-A5CE-233B2F337EF8} - System32\Tasks\{18D5BFA1-9370-419A-94F5-CB77D4444E16} => C:\Windows\system32\pcalua.exe -a C:\Users\Johannes\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {7E21310E-E574-4DBF-8786-A9DD25170256} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-24] (Microsoft Corporation)
Task: {9FB0CB49-71DF-4DE8-B8D2-2DDF5E168A3D} - System32\Tasks\HP AR Program Upload - 4811cd8c08034312991abe64220277c5d82e076025cd4736a335bd16fbaf2628 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A4FD7AE3-9CF3-4FD5-ABC1-24003A89FB6F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {ACAC9E37-F929-49A4-986D-9ADCB19D208D} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B35B98DD-C1AA-4ECF-924D-2F6676860B47} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B89594A6-E027-40E5-99F8-EB797F9CACCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {BDD8A54F-25B3-45EA-8C43-D042CC917581} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {C78AD151-7E42-44E5-9BE5-447C7980A9C5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {C95DB26F-297B-4528-AE97-D9A63BF9ED6C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {D7531752-9CBA-4560-A655-A04B4A62CB85} - System32\Tasks\HP AR Program Upload - 54ff7944da244accb89631a69a7866c840937d2dbc8e4020bd676cfb7120f1bd => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DCB63D9B-A754-437D-8452-69B35390A753} - System32\Tasks\{6B76AC51-6F5C-478A-9258-5552981164C2} => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2017-07-22] (Cisco Systems, Inc.)
Task: {EC17B2BB-016F-408F-B694-C8A778861080} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-24] (Microsoft Corporation)
Task: {F9D72BFD-5D5E-4FE9-93D8-9374F121C642} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-08-21 16:52 - 2014-01-28 09:44 - 000137024 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2016-08-21 16:52 - 2014-01-28 09:44 - 000204096 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2013-11-29 22:55 - 2011-12-16 06:37 - 000128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2008-12-20 04:20 - 2013-11-29 23:23 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-01-04 19:46 - 2013-11-29 23:23 - 001496480 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 04:20 - 2013-11-29 23:23 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-11-29 22:59 - 2012-02-17 02:21 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-14 17:18 - 2011-12-14 17:18 - 000119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2017-09-22 09:52 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-22 09:52 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-14 12:41 - 2017-09-14 12:41 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f203ecbdc8e8f4f836e1627efb89f9ae\IsdiInterop.ni.dll
2013-11-29 22:50 - 2011-11-29 21:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-29 22:54 - 2011-12-16 04:39 - 001198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-06-24 06:51 - 2016-06-24 07:05 - 003540680 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\gfx.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 002603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 21:15 - 2011-08-15 21:15 - 000382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 17:41 - 2011-08-17 17:41 - 000400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 000322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 14:29 - 2011-11-25 14:29 - 000015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 001006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 000195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 20:23 - 2011-08-15 20:23 - 000062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 14:28 - 2011-11-25 14:28 - 000484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 14:42 - 2011-11-25 14:42 - 000499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 14:26 - 2011-11-25 14:26 - 000013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 17:05 - 2011-07-19 17:05 - 014978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 17:04 - 2011-07-19 17:04 - 000317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 21:17 - 2011-08-15 21:17 - 009224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2017-09-21 21:57 - 2017-09-20 18:48 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-21 21:57 - 2017-09-20 18:48 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 21:57 - 2017-09-20 18:49 - 000023872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_bootstrap.dll
2017-09-21 21:58 - 2017-09-20 18:48 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-21 21:58 - 2017-09-20 18:48 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-21 21:58 - 2017-09-20 18:50 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-21 21:57 - 2017-09-20 18:49 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-21 21:58 - 2017-09-20 18:50 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-21 21:57 - 2017-09-20 18:49 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-21 21:58 - 2017-09-20 18:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Johannes\Documents\Fragenbogen_Armoneit_Burk_LeHuyen_Reber_Stein.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Johannes\Documents\Hausaufgabe Gruppe 3.docx:com.dropbox.attributes [256]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA5MXX_V2 Device Manager.lnk => C:\Windows\pss\Philips GoGear SA5MXX_V2 Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Johannes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Johannes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\HiSuite\HiSuite.exe -s
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\\OverwolfLauncher.exe -overwolfsilent
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F4BCAB59-9496-45DF-87CA-536F004FECDE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5DAE6D06-12F3-4E20-837C-A5B794B760EC}C:\users\johannes\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\johannes\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5926719F-7D54-42FA-A7A3-03506482A08A}C:\users\johannes\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\johannes\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1DBFD9BF-7C33-4823-8602-C0C036612745}C:\users\johannes\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\johannes\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B90A053E-E619-4BA8-8C4B-0E6EDD72057C}C:\users\johannes\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\johannes\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0806763C-0379-4A04-8C7E-FE3D5E2E8518}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{07703543-4CD4-4F91-970D-C2E4910E1E41}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7538A87-65AD-44E9-9029-39784758BE3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{ACB7D56A-5B0A-4498-9625-2B1A18BD8843}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{4D696304-C354-413C-B06B-0489BD7C76E2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9F688552-8B69-4E26-9F15-3E7AFE36C3F9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1091BB4F-61CF-49A8-8E07-04CB8DCE146D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{02895CE8-2166-46C3-8B82-2FB12579A2EE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{E9F16B5C-9512-4908-A6EC-9766647DA247}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [UDP Query User{F5E2582A-6F0B-4CB0-99FA-6D5D9A4BB80C}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [TCP Query User{FA086242-4290-4040-BC09-2C6FC53096E7}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [UDP Query User{387A700C-E5B8-4DEF-AC37-FCC6C3DD680B}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [TCP Query User{955BB63B-02AE-43E2-AB56-0832FE645756}C:\programdata\battle.net\agent\agent.3147\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3147\agent.exe
FirewallRules: [UDP Query User{23428EF6-95A4-474A-8F0A-2A7618D92299}C:\programdata\battle.net\agent\agent.3147\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3147\agent.exe
FirewallRules: [TCP Query User{5807CCFA-1669-4010-8054-D11D30AD4528}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [UDP Query User{8A2C3E7C-4D0F-4C37-9BF4-9C36D204497D}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [TCP Query User{59CD5E53-D892-4229-9A45-0914EE68388F}C:\programdata\battle.net\agent\agent.3235\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3235\agent.exe
FirewallRules: [UDP Query User{238A1E97-563D-4489-BC7E-85FD98F84AFA}C:\programdata\battle.net\agent\agent.3235\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3235\agent.exe
FirewallRules: [TCP Query User{3C903BD3-1C9D-45F7-A164-91346187BC17}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [UDP Query User{F62A2747-502D-4B4A-A074-DF8667DA9846}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [TCP Query User{4BAA8922-CA06-4BCF-8D33-397AF8AE8DC6}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [UDP Query User{45E2AD9B-53D8-4BC8-86EF-B71B45D7D3B8}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [TCP Query User{AE33E6D2-64D3-4985-A176-DDAA07FD48C5}C:\programdata\battle.net\agent\agent.3323\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3323\agent.exe
FirewallRules: [UDP Query User{E57ED2ED-25F1-41EE-A910-E152D164A8C3}C:\programdata\battle.net\agent\agent.3323\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3323\agent.exe
FirewallRules: [TCP Query User{49DCC170-17C3-417A-B6A8-262FEDD54D78}C:\programdata\battle.net\agent\agent.3334\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3334\agent.exe
FirewallRules: [UDP Query User{75129978-2759-4572-91B2-27FD91DF6B5C}C:\programdata\battle.net\agent\agent.3334\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3334\agent.exe
FirewallRules: [TCP Query User{E731E6F0-8BD7-42FE-82E0-828E98AAA452}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [UDP Query User{2F673AF5-BDD7-40B4-AA11-72515EFF3AC6}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [TCP Query User{5EEB6C51-0181-4B0F-96BB-1D19BA03B257}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [UDP Query User{2A812201-492D-4AA2-9405-9ABB3E76B0A2}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [{A5937626-5F88-4B6D-9DB4-197AD425B27E}] => (Block) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [{031B22B4-C008-4748-8C1B-708305517680}] => (Block) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [TCP Query User{EC4777F3-2B32-4BD2-AE0C-1D0C1F1077DE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7689EC76-768D-46DB-8B75-53F849C42582}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7A65E04C-BF4B-45D3-87C3-08E4B326B38D}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{8F24E579-3BE0-40EB-9236-2F9E7B9F780F}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [TCP Query User{83C4EAD0-D748-4621-A8A8-203E04A4B6F5}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{A0E58502-C005-4793-A750-0178448426AA}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [{6C62441D-93E3-4472-9157-8DB7B40E2240}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F43A93D-7CDB-4049-A431-1DAF7021936D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{A1B7C804-6B29-4F19-AA59-14372AE7FC7B}C:\programdata\battle.net\agent\agent.3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.exe
FirewallRules: [UDP Query User{66CA1ED4-EED1-45B4-9AE2-C418EFFDC1D4}C:\programdata\battle.net\agent\agent.3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.exe
FirewallRules: [TCP Query User{6AD05FB7-2ECB-4E5B-B456-CD9E85F26E5E}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [UDP Query User{E9E014F7-94F3-46ED-A399-E6AD263EB68D}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [TCP Query User{1EFBC12B-1919-4032-9966-D388AB339197}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{59C975F6-F7E7-44E6-88F9-67E961008334}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [TCP Query User{E63D656C-8DEA-477F-83CF-C41198A1E9CB}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{64EC3620-A7E9-4195-B489-6B17D274F546}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{D5F5F0A1-B604-4614-B240-251D5F4A6E1A}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{06EC7787-15A7-4223-BBF7-688EEA31D08F}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AADF7516-150A-4207-BA00-C67153151CA9}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3ED4F556-1991-4517-9613-94957A70653F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C44D8A7D-5146-4D3B-8DEB-0B1641E9D398}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{1E8F30C9-0B97-40B1-9B1E-7963F474BE0A}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [UDP Query User{53503480-768A-48ED-AA82-F60BDC3B5D53}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [TCP Query User{21F73B8E-2C67-44BD-9A9E-C639538A10DB}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [UDP Query User{4F039BF1-BF50-4941-BBAD-506FDE60019A}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [TCP Query User{96CB08FE-065D-4559-BA04-116ECFAFF4DC}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [UDP Query User{12DA14F2-767A-4FF8-B8A9-1213D211B8BE}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [TCP Query User{490D1C2D-537C-49DE-A49F-F8ED4FF7522D}C:\programdata\battle.net\agent\agent.3669\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3669\agent.exe
FirewallRules: [UDP Query User{3E9707DE-FBD1-40F1-A478-764E3EF43D85}C:\programdata\battle.net\agent\agent.3669\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3669\agent.exe
FirewallRules: [{AA69EB62-EC51-4C85-BE47-EE37C6ABD8C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BB9BE20-7593-430C-8CAD-DD06419D02DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E57F0A44-6223-4243-8491-2B498A3CB133}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [UDP Query User{EE3B99EF-E043-4B0C-BA64-6487062B4257}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [TCP Query User{1B55AA76-9F23-4083-A253-8C2202C6A914}C:\programdata\battle.net\agent\agent.3689\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3689\agent.exe
FirewallRules: [UDP Query User{D31DD184-6291-46C4-93F7-6F43D4D584E4}C:\programdata\battle.net\agent\agent.3689\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3689\agent.exe
FirewallRules: [TCP Query User{4C686609-CFCC-4CF2-82BD-D7B42799CAB3}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3715\agent.exe
FirewallRules: [UDP Query User{E04DE016-1E60-4B6B-8089-1D45690AC595}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3715\agent.exe
FirewallRules: [TCP Query User{658EE703-6E5D-48E4-9079-26DEC32FFF99}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F92D1319-EC97-4515-876D-1728330B96EC}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{4E4B103B-2558-46E2-9561-C95F1DF0524C}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{974A16E9-04C8-4935-B4DC-EC6D8E1EFE20}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{DD360DEA-2BD7-40B8-B3BC-3A902C904C1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AAC7B5A3-37F8-44F2-BB01-3540FABC87DB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{ED006776-2D80-4A94-B56C-3BCAA1DECC8B}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4739B6FE-2DCA-414B-8EB9-CF2D41C07A1E}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F4186844-A288-459D-AE00-ACC2907DAC33}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A788A953-CFF1-42CD-A3BA-12F9EA485F39}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0D31CF9D-0632-4303-9DFF-7B726C4371E8}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{328C171A-7B53-4666-A05A-8F26CB3CD13B}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0CBA8157-5075-41CE-A850-66F643D6A595}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E3B1C544-0F6A-4D62-B29D-F6C9F78FF7CE}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{08BB7E6C-F9BB-4612-9D57-8D99B5E41ECB}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AF34A6E7-4003-4F38-BAD6-12E9B583E9E6}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6E0BFFD8-A2E5-4328-AA57-3F73188386BA}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5968A8E9-A73E-42EC-A60B-D524104CEF1D}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C0C2B911-2242-4A34-8AD2-26BCBFA6EBDA}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{31C401AC-9123-4FBE-A6C2-A4DA78FEFF1E}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{238A1C39-1C06-4C43-B383-F63C1C36D28A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{98507B51-6F21-4B81-BE4C-41916C86C407}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [TCP Query User{66BFD985-D0D2-42A3-9322-F8B913ABBE36}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{28073E8F-45D9-4DA7-9A5E-2A9A0D33C5C0}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{ED352F4F-2823-4C8C-82CC-3EC2DB45C3B2}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CD269D07-0B72-4608-981A-B767C80A3880}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [{496CB1BF-7A58-4D40-B38E-B335C839D793}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{1C195C95-D918-4A54-91F5-B3CF96BDE97E}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{70054E06-CF83-46E1-BED4-FA5E01BCCEE6}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{683D9518-9C53-4F1C-8E74-FB3C518FB682}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{2818D791-1923-4CEC-AF99-4321541C5BD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{244FA403-1BDB-4D68-86E5-6895CABD3F90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3C390C4-235A-4221-A958-2D6D20E60653}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D396FB5A-3DB2-42B2-B0F7-60E334F6CEC6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E6A05851-831C-48DD-88B1-C32080E0E634}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5455AF3D-50AE-4D2A-9FF5-B7B6D7C037C3}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C2F3009C-C2B4-4439-828B-3B27ADEAA2E1}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [{ED86EC0D-ACA2-4954-9C10-3AD86B0AF753}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{53EF71C9-C255-4EAF-BC41-3D91B304302C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C69D6502-C16B-4F31-AC88-17F540566ADD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F56E7F49-AAF2-4755-B6B4-DD748EBA4410}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{FB04BE55-D7A7-464B-A3F0-99B6D47C12CD}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DBCB2DE5-81A6-47F0-BF3E-3DC81324D503}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [{AE09C0B5-D004-4146-A200-2824AF069031}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D4FF711F-1063-44A9-B045-7175151FA433}] => (Allow) C:\Users\Johannes\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{711C22C8-5871-498F-A076-C3FA448B05F7}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{7D1F946C-4B18-465B-B49A-2DE411988A94}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{837E7B56-F3E2-4731-8896-FC7EAD4F30BE}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{39C5CB44-C44F-42D1-8BB0-B50565D335B1}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{F5AC180A-F245-4502-86C1-71CF10A4757A}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{7646085C-4977-4C66-B9AA-176B8D47E797}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{B1A4FC68-1502-4408-B331-B9BDD66B517C}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{D0CC8F9E-2579-41EA-B840-E2852BA6BFBC}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{48A9182B-4BD2-43C1-892A-A4C4D66CA55E}] => (Allow) C:\Users\Johannes\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{0F4EB9B8-9744-404E-8276-A954DA59145F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD16B6C5-214E-4F1D-96F9-F4A693AF8E7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{161E4654-9F1C-4FE0-9820-7070DD4FC5E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{858A748F-AB02-43A0-91A7-F30CFB83B84C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56FE4814-E2BD-490D-ACBE-326F860B3A69}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{B2CE2881-D1AC-4354-B4F7-BBE8ED71516B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{68B1F770-5C74-42A6-ABC1-5AE4F2734C23}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BCD0FE90-EA4C-49C9-A319-29E2972011BE}] => (Allow) LPort=2869
FirewallRules: [{B9FE2771-B7E4-415C-8E4B-0A7A78B91A33}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{30B11154-7823-41DF-918C-AC8F58846F9E}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{553868C0-B2E1-44C6-9412-99C8B398E531}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AD96C59A-1A46-45DA-B6B5-02BD88AEE315}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C7068EF2-6FB6-4293-A841-ECB5894C8520}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [{0B2C3601-A992-4D16-B0AC-1558B664740F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6CCCAB7B-9BBF-4E8C-83F4-DD6A0AE2E38A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

14-09-2017 10:40:33 Windows Update
15-09-2017 21:16:56 TubeBox
17-09-2017 17:44:09 Windows Update
20-09-2017 18:44:21 Windows Update
23-09-2017 21:31:42 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: VMware Bridge Protocol
Description: VMware Bridge Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VMnetBridge
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Network Application Interface
Description: VMware Network Application Interface
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VMnetuserif
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware vmx86
Description: VMware vmx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vmx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: VMware hcmon
Description: VMware hcmon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hcmon
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/26/2017 01:57:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3105

Error: (09/26/2017 01:57:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3105

Error: (09/26/2017 01:57:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2017 01:57:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (09/26/2017 01:57:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (09/26/2017 01:57:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2017 01:57:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1108

Error: (09/26/2017 01:57:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1108

Error: (09/26/2017 01:57:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2017 12:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9501


Systemfehler:
=============
Error: (09/23/2017 09:33:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.251.1360.0)

Error: (09/23/2017 09:32:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.251.1312.0

	Aktualisierungsquelle: Microsoft Update Server

	Aktualisierungsphase: Installieren

	Quellpfad: hxxp://www.microsoft.com

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.14104.0

	Fehlercode: 0x80070643

	Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation.

Error: (09/21/2017 09:48:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.251.1261.0)

Error: (09/21/2017 09:48:00 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.251.1167.0

	Aktualisierungsquelle: Microsoft Update Server

	Aktualisierungsphase: Installieren

	Quellpfad: hxxp://www.microsoft.com

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.14104.0

	Fehlercode: 0x80070643

	Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation.

Error: (09/19/2017 12:02:11 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/19/2017 12:02:11 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/19/2017 12:02:11 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/19/2017 12:02:11 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/19/2017 12:00:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/19/2017 12:00:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3941.37 MB
Verfügbarer physikalischer RAM: 1717.11 MB
Summe virtueller Speicher: 7880.92 MB
Verfügbarer virtueller Speicher: 4885.84 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.87 GB) (Free:30.1 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C3FFC3FF)

Partition: GPT.

==================== Ende von Addition.txt ============================
         


Alt 26.09.2017, 21:32   #6
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Hier der Report vom tdsskiller:

Code:
ATTFilter
21:28:43.0941 0x1374  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
21:28:43.0941 0x1374  UEFI system
21:28:58.0810 0x1374  ============================================================
21:28:58.0810 0x1374  Current date / time: 2017/09/26 21:28:58.0810
21:28:58.0810 0x1374  SystemInfo:
21:28:58.0810 0x1374  
21:28:58.0810 0x1374  OS Version: 6.1.7601 ServicePack: 1.0
21:28:58.0810 0x1374  Product type: Workstation
21:28:58.0811 0x1374  ComputerName: JOHANNES-PC
21:28:58.0811 0x1374  UserName: Johannes
21:28:58.0812 0x1374  Windows directory: C:\Windows
21:28:58.0812 0x1374  System windows directory: C:\Windows
21:28:58.0812 0x1374  Running under WOW64
21:28:58.0812 0x1374  Processor architecture: Intel x64
21:28:58.0812 0x1374  Number of processors: 2
21:28:58.0812 0x1374  Page size: 0x1000
21:28:58.0812 0x1374  Boot type: Normal boot
21:28:58.0812 0x1374  CodeIntegrityOptions = 0x00000001
21:28:58.0812 0x1374  ============================================================
21:28:59.0371 0x1374  KLMD registered as C:\Windows\system32\drivers\91924612.sys
21:28:59.0372 0x1374  KLMD ARK init status: drvProperties = 0x7FF00, osBuild = 7601.23889, osProperties = 0x1
21:29:02.0661 0x1374  System UUID: {42970BC6-8F10-0921-7054-72C6EEA07D4B}
21:29:04.0374 0x1374  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:29:04.0380 0x1374  ============================================================
21:29:04.0380 0x1374  \Device\Harddisk0\DR0:
21:29:04.0380 0x1374  GPT partitions:
21:29:04.0381 0x1374  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {DD138F83-AD8F-40B6-8EAC-374922F3F38B}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
21:29:04.0381 0x1374  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D0F47269-FB60-4A08-AAE3-5B7EBFD3BBA2}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
21:29:04.0381 0x1374  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {09C75237-F861-44C4-970E-B4A86996F8A0}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x253BC000
21:29:04.0381 0x1374  MBR partitions:
21:29:04.0381 0x1374  ============================================================
21:29:04.0497 0x1374  C: <-> \Device\Harddisk0\DR0\Partition3
21:29:04.0497 0x1374  ============================================================
21:29:04.0497 0x1374  Initialize success
21:29:04.0497 0x1374  ============================================================
21:29:47.0968 0x21fc  ============================================================
21:29:47.0968 0x21fc  Scan started
21:29:47.0968 0x21fc  Mode: Manual; SigCheck; TDLFS; 
21:29:47.0968 0x21fc  ============================================================
21:29:47.0968 0x21fc  KSN ping started
21:29:48.0359 0x21fc  KSN ping finished: true
21:29:49.0351 0x21fc  ================ Scan system memory ========================
21:29:49.0352 0x21fc  System memory - ok
21:29:49.0359 0x21fc  ================ Scan services =============================
21:29:49.0998 0x21fc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:29:50.0097 0x21fc  1394ohci - ok
21:29:50.0168 0x21fc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:29:50.0230 0x21fc  ACPI - ok
21:29:50.0273 0x21fc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:29:50.0324 0x21fc  AcpiPmi - ok
21:29:50.0395 0x21fc  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
21:29:50.0554 0x21fc  ACPIVPC - ok
21:29:50.0744 0x21fc  [ 56FCC24867F2C87BF96EE9D17A4CC20E, 6DDEF1234D207C6CDE0298DD1DAC988AC6CD7716E4FDA01813D175AE50F6A022 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
21:29:50.0831 0x21fc  acsock - ok
21:29:51.0045 0x21fc  [ 9B112FDA1D5FB7B75627461001AC692A, 2EDF7C8FD59CD5FCD19FA528F60CBD6DDB9A8076AE0280B11D8EA8EAF7D39958 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:29:51.0082 0x21fc  AdobeARMservice - ok
21:29:51.0357 0x21fc  [ 3E27E2DAA6869642B2DCB85C777E38B7, FB60068DFEA117006D8236DE73CC5A9B65272C6F739E2C8D1DD771360B9D989F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:29:51.0495 0x21fc  AdobeFlashPlayerUpdateSvc - ok
21:29:51.0579 0x21fc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:29:51.0642 0x21fc  adp94xx - ok
21:29:51.0686 0x21fc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:29:51.0738 0x21fc  adpahci - ok
21:29:51.0796 0x21fc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:29:51.0835 0x21fc  adpu320 - ok
21:29:51.0887 0x21fc  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:29:51.0923 0x21fc  AeLookupSvc - ok
21:29:52.0032 0x21fc  [ 0DC2A9882540DEA4A55B08785E09D8FC, 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3 ] AFD             C:\Windows\system32\drivers\afd.sys
21:29:52.0104 0x21fc  AFD - ok
21:29:52.0159 0x21fc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:29:52.0190 0x21fc  agp440 - ok
21:29:52.0242 0x21fc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:29:52.0282 0x21fc  ALG - ok
21:29:52.0328 0x21fc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:29:52.0358 0x21fc  aliide - ok
21:29:52.0368 0x21fc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:29:52.0401 0x21fc  amdide - ok
21:29:52.0476 0x21fc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:29:52.0517 0x21fc  AmdK8 - ok
21:29:52.0536 0x21fc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:29:52.0581 0x21fc  AmdPPM - ok
21:29:52.0622 0x21fc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:29:52.0677 0x21fc  amdsata - ok
21:29:52.0713 0x21fc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:29:52.0802 0x21fc  amdsbs - ok
21:29:52.0822 0x21fc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:29:52.0844 0x21fc  amdxata - ok
21:29:52.0893 0x21fc  [ 449D90F1FB6402773C2F1ECCEAE15F74, D432D3F9D9AD14C70324B13C0A82A5BADC0EA4927B2E49B8BC31A5DEE6440374 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
21:29:52.0934 0x21fc  AMPPAL - ok
21:29:52.0953 0x21fc  [ 449D90F1FB6402773C2F1ECCEAE15F74, D432D3F9D9AD14C70324B13C0A82A5BADC0EA4927B2E49B8BC31A5DEE6440374 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
21:29:52.0997 0x21fc  AMPPALP - ok
21:29:53.0134 0x21fc  [ AB6E5B9333101E414D8F04BC570064F1, 4BB20C0ECE2C655B8E3A40E8C69A7B6974B73D3585AEDF47A0C52582D17BDAF6 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
21:29:53.0200 0x21fc  AMPPALR3 - ok
21:29:53.0263 0x21fc  [ C5D5B9BAF5A940953FE8393BF937AD60, 089985EB94755EBDC0D839173F2E7B29B104746DEF6CC503039E31D2791E2FDC ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
21:29:53.0289 0x21fc  AmUStor - ok
21:29:53.0349 0x21fc  [ 086CA47573FAF282C93BE3416E1B6D65, 608D208B9D5FDB8A6DAABA939EAC664FFBFA294FD53CCD21942C27F1B8FF016A ] AppID           C:\Windows\system32\drivers\appid.sys
21:29:53.0385 0x21fc  AppID - ok
21:29:53.0424 0x21fc  [ 5B502842E57F10BDC0301E15B98E3E26, 2FEC4F4409C9BF3A89E69C1806F8D9F37CF405E22971C68B5E297A43A8D6B3C4 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:29:53.0451 0x21fc  AppIDSvc - ok
21:29:53.0500 0x21fc  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
21:29:53.0532 0x21fc  Appinfo - ok
21:29:53.0609 0x21fc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:29:53.0641 0x21fc  arc - ok
21:29:53.0657 0x21fc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:29:53.0691 0x21fc  arcsas - ok
21:29:53.0971 0x21fc  [ 8637F3119057178364D200F2462E625C, 40CAE47AA6C6B23FEB95961FD06BB3EB075CA63BB91B54CB26215A368371B343 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:29:54.0130 0x21fc  aspnet_state - ok
21:29:54.0152 0x21fc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:54.0245 0x21fc  AsyncMac - ok
21:29:54.0302 0x21fc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:29:54.0330 0x21fc  atapi - ok
21:29:54.0421 0x21fc  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:29:54.0502 0x21fc  AudioEndpointBuilder - ok
21:29:54.0558 0x21fc  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:29:54.0637 0x21fc  AudioSrv - ok
21:29:54.0688 0x21fc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:29:54.0747 0x21fc  AxInstSV - ok
21:29:54.0841 0x21fc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:29:54.0904 0x21fc  b06bdrv - ok
21:29:54.0978 0x21fc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:29:55.0029 0x21fc  b57nd60a - ok
21:29:55.0465 0x21fc  [ 43AD3D3E7674833FCA9A7C4E7180AD54, 81CBF3146853FCCA26C14D23160892BD892269C5BB8B2167837339372BD38DA2 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:29:55.0783 0x21fc  BCM43XX - ok
21:29:55.0869 0x21fc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:29:55.0899 0x21fc  BDESVC - ok
21:29:55.0919 0x21fc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:29:55.0991 0x21fc  Beep - ok
21:29:56.0081 0x21fc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:29:56.0179 0x21fc  BFE - ok
21:29:56.0268 0x21fc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
21:29:56.0420 0x21fc  BITS - ok
21:29:56.0479 0x21fc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:56.0514 0x21fc  blbdrive - ok
21:29:56.0615 0x21fc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:29:56.0668 0x21fc  Bonjour Service - ok
21:29:56.0743 0x21fc  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:29:56.0783 0x21fc  bowser - ok
21:29:56.0824 0x21fc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:29:56.0863 0x21fc  BrFiltLo - ok
21:29:56.0871 0x21fc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:29:56.0911 0x21fc  BrFiltUp - ok
21:29:56.0953 0x21fc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:29:57.0054 0x21fc  BridgeMP - ok
21:29:57.0099 0x21fc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:29:57.0140 0x21fc  Browser - ok
21:29:57.0166 0x21fc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:29:57.0217 0x21fc  Brserid - ok
21:29:57.0228 0x21fc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:57.0269 0x21fc  BrSerWdm - ok
21:29:57.0298 0x21fc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:57.0336 0x21fc  BrUsbMdm - ok
21:29:57.0354 0x21fc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:57.0387 0x21fc  BrUsbSer - ok
21:29:57.0574 0x21fc  [ D4D389ECC09405F351C1EB7C4F591B0C, E6B8D801E591C793A7CA35252D44A436D1BA35BECE46EDA12C393D4910A3D1A1 ] BstHdAndroidSvc C:\Program Files (x86)\Bluestacks\HD-Service.exe
21:29:57.0634 0x21fc  BstHdAndroidSvc - ok
21:29:57.0688 0x21fc  [ A9D7DCEDAD90C21D9AF75199559825BC, 6FE4F520DCFD6814435A112662D0B9F1E04F42E2301B35C740C2DEADBDF48649 ] BstHdDrv        C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys
21:29:57.0728 0x21fc  BstHdDrv - ok
21:29:57.0847 0x21fc  [ 5DCF4EA66BE147BBBA3C08D9159B76DB, EE7680AA5C6CBF7C94CC4F62524AB1F537112C72F7F4B18D8150DB4EB5BAB9B2 ] BstHdLogRotatorSvc C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
21:29:57.0907 0x21fc  BstHdLogRotatorSvc - ok
21:29:58.0006 0x21fc  [ 510ABEC164B92BCEAFEC4248EB6FF01C, 8AC898806D758DD9136B6C9F80F3144E64085F1A54B33C3783CC42CB2BB42F7B ] BstHdPlusAndroidSvc C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
21:29:58.0071 0x21fc  BstHdPlusAndroidSvc - ok
21:29:58.0158 0x21fc  [ 95820BAC50416203BAB1AA3B1D5C6ED5, 472A7ECE8F11597620D27EF37204AF42B92290C228B267B4AA3B5066F40B60CD ] BstkDrv         C:\Program Files (x86)\Bluestacks\BstkDrv.sys
21:29:58.0208 0x21fc  BstkDrv - ok
21:29:58.0241 0x21fc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:29:58.0285 0x21fc  BTHMODEM - ok
21:29:58.0316 0x21fc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:29:58.0432 0x21fc  bthserv - ok
21:29:58.0466 0x21fc  [ 588762F716C2B7A2054AFBC3D58E5C21, CD44B0200B2E0A81073563BE84ECF9C092F4B5E9DC166A8F0690D6272913CCB7 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
21:29:58.0507 0x21fc  BTHSSecurityMgr - ok
21:29:58.0534 0x21fc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:29:58.0660 0x21fc  cdfs - ok
21:29:58.0701 0x21fc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:29:58.0747 0x21fc  cdrom - ok
21:29:58.0794 0x21fc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:29:58.0898 0x21fc  CertPropSvc - ok
21:29:58.0920 0x21fc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:29:58.0968 0x21fc  circlass - ok
21:29:59.0050 0x21fc  [ 3963FEC1892368DD500E6ED1F5C286CE, A04689CB07AF1C1B4B1032B0ACAD88DA3EB03D89A575C59FE602A65E8C246138 ] CLFS            C:\Windows\system32\CLFS.sys
21:29:59.0133 0x21fc  CLFS - ok
21:29:59.0765 0x21fc  [ 1475C7821E9E919D14817D46C830D28B, 4ACC419736027184278915345BF10CBAAFB93B6F50A789CBC675FA126DAFC1A6 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:30:00.0095 0x21fc  ClickToRunSvc - ok
21:30:00.0247 0x21fc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:00.0332 0x21fc  clr_optimization_v2.0.50727_32 - ok
21:30:00.0470 0x21fc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:30:00.0534 0x21fc  clr_optimization_v2.0.50727_64 - ok
21:30:00.0759 0x21fc  [ 2BA609641FA64BAB02ACD3C0095672F5, FD1FE403864F0564CA4A2F1D7415649B8FFE16F8ED33C4B44ACB21767118AD5F ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:01.0072 0x21fc  clr_optimization_v4.0.30319_32 - ok
21:30:01.0105 0x21fc  [ 7C7502CD2A2CFAB399D0D8DA95DB03E7, 4AE53B468CF597FCFD912A6EEE27E87EE4D9BC73F2A794FB5DF5DA46C1DD1289 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:30:01.0254 0x21fc  clr_optimization_v4.0.30319_64 - ok
21:30:01.0303 0x21fc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:01.0336 0x21fc  CmBatt - ok
21:30:01.0362 0x21fc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:30:01.0389 0x21fc  cmdide - ok
21:30:01.0522 0x21fc  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:30:01.0598 0x21fc  CNG - ok
21:30:01.0638 0x21fc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:30:01.0666 0x21fc  Compbatt - ok
21:30:01.0699 0x21fc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:30:01.0739 0x21fc  CompositeBus - ok
21:30:01.0752 0x21fc  COMSysApp - ok
21:30:02.0025 0x21fc  [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:30:02.0075 0x21fc  cphs - ok
21:30:02.0119 0x21fc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:30:02.0147 0x21fc  crcdisk - ok
21:30:02.0214 0x21fc  [ 48FEDBE324F1EA9417BA1D62AE863011, 2C3D84F0842237A3BF2838DDB4126807977EB36588FA669B1E6671077584EF18 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:30:02.0264 0x21fc  CryptSvc - ok
21:30:02.0502 0x21fc  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
21:30:02.0542 0x21fc  dbupdate - ok
21:30:02.0572 0x21fc  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
21:30:02.0609 0x21fc  dbupdatem - ok
21:30:02.0657 0x21fc  dbx - ok
21:30:02.0707 0x21fc  [ 7F9D1FFB41D77DFA105E139881A86210, 6EC44131F7A89B0FCA736C5E52309706365909C155FC4DB5BF6F642BCFB0C1B4 ] DbxSvc          C:\Windows\system32\DbxSvc.exe
21:30:02.0738 0x21fc  DbxSvc - ok
21:30:02.0830 0x21fc  [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:30:02.0908 0x21fc  DcomLaunch - ok
21:30:02.0965 0x21fc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:30:03.0079 0x21fc  defragsvc - ok
21:30:03.0132 0x21fc  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:30:03.0172 0x21fc  DfsC - ok
21:30:03.0225 0x21fc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:30:03.0279 0x21fc  Dhcp - ok
21:30:03.0524 0x21fc  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
21:30:03.0682 0x21fc  DiagTrack - ok
21:30:03.0712 0x21fc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:30:03.0806 0x21fc  discache - ok
21:30:03.0876 0x21fc  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
21:30:03.0909 0x21fc  Disk - ok
21:30:03.0972 0x21fc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:30:04.0017 0x21fc  Dnscache - ok
21:30:04.0076 0x21fc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:30:04.0183 0x21fc  dot3svc - ok
21:30:04.0208 0x21fc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:30:04.0309 0x21fc  DPS - ok
21:30:04.0382 0x21fc  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:30:04.0413 0x21fc  drmkaud - ok
21:30:04.0523 0x21fc  [ 5CEF80AE869336376F550ECAE91E424A, 49152AC35556A5629AE7A4A762FDB2112FAD1C9CDB91E6196172809F74A3149A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:30:04.0620 0x21fc  DXGKrnl - ok
21:30:04.0683 0x21fc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:30:04.0785 0x21fc  EapHost - ok
21:30:05.0044 0x21fc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:30:05.0309 0x21fc  ebdrv - ok
21:30:05.0357 0x21fc  [ 00A54A6CEDF599AABB72C20E0815BC37, 09835A43E1A17396BDC88BB38EF66EA8854913040347D9893EBF8550D0AA1452 ] EFS             C:\Windows\System32\lsass.exe
21:30:05.0391 0x21fc  EFS - ok
21:30:05.0530 0x21fc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:30:05.0626 0x21fc  ehRecvr - ok
21:30:05.0643 0x21fc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:30:05.0683 0x21fc  ehSched - ok
21:30:05.0767 0x21fc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:30:05.0831 0x21fc  elxstor - ok
21:30:05.0841 0x21fc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:30:05.0873 0x21fc  ErrDev - ok
21:30:05.0954 0x21fc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:30:06.0073 0x21fc  EventSystem - ok
21:30:06.0273 0x21fc  [ 64D25284A4E9D11CA0722AF3F30FD970, C7C40CA8AC444F7B0F88086396C17316348480EBA09109222897B5A42AD655DF ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:30:06.0338 0x21fc  EvtEng - ok
21:30:06.0400 0x21fc  [ 7E45F8B117419ABA3BB26579F6E70324, 03FE86519860153E1BE571F10ACC9BA58FFB5A661C5C3EBDF3B77973BCD96C84 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:30:06.0446 0x21fc  exfat - ok
21:30:06.0491 0x21fc  [ 6EDFA237D25433C03F42FBFDB16BDD24, A30F89A40F7AFC475D3C2D3591FB9AFC06AE3FEBC915FDCB24ED77946FBA4E2C ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:30:06.0538 0x21fc  fastfat - ok
21:30:06.0686 0x21fc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:30:06.0766 0x21fc  Fax - ok
21:30:06.0792 0x21fc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:30:06.0839 0x21fc  fdc - ok
21:30:06.0872 0x21fc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:30:06.0965 0x21fc  fdPHost - ok
21:30:06.0975 0x21fc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:30:07.0068 0x21fc  FDResPub - ok
21:30:07.0108 0x21fc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:30:07.0140 0x21fc  FileInfo - ok
21:30:07.0151 0x21fc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:30:07.0245 0x21fc  Filetrace - ok
21:30:07.0255 0x21fc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:30:07.0288 0x21fc  flpydisk - ok
21:30:07.0328 0x21fc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:30:07.0376 0x21fc  FltMgr - ok
21:30:07.0522 0x21fc  [ 785F474FB5E67E448E1931C98E8D0ABC, 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989 ] FontCache       C:\Windows\system32\FntCache.dll
21:30:07.0643 0x21fc  FontCache - ok
21:30:07.0698 0x21fc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:30:07.0725 0x21fc  FontCache3.0.0.0 - ok
21:30:07.0760 0x21fc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:30:07.0791 0x21fc  FsDepends - ok
21:30:07.0835 0x21fc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:30:07.0865 0x21fc  Fs_Rec - ok
21:30:07.0943 0x21fc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:30:08.0007 0x21fc  fvevol - ok
21:30:08.0055 0x21fc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:30:08.0086 0x21fc  gagp30kx - ok
21:30:08.0190 0x21fc  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
21:30:08.0281 0x21fc  gpsvc - ok
21:30:08.0386 0x21fc  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:08.0419 0x21fc  gupdate - ok
21:30:08.0449 0x21fc  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:08.0481 0x21fc  gupdatem - ok
21:30:08.0509 0x21fc  hcmon - ok
21:30:08.0548 0x21fc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:30:08.0593 0x21fc  hcw85cir - ok
21:30:08.0658 0x21fc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:30:08.0721 0x21fc  HdAudAddService - ok
21:30:08.0742 0x21fc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:30:08.0789 0x21fc  HDAudBus - ok
21:30:08.0818 0x21fc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:30:08.0854 0x21fc  HidBatt - ok
21:30:08.0870 0x21fc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:30:08.0915 0x21fc  HidBth - ok
21:30:08.0936 0x21fc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:30:08.0977 0x21fc  HidIr - ok
21:30:09.0005 0x21fc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
21:30:09.0099 0x21fc  hidserv - ok
21:30:09.0135 0x21fc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:30:09.0167 0x21fc  HidUsb - ok
21:30:09.0327 0x21fc  [ 79DDC6AA15247A38E18131D5F680845C, AFB7F05F5854861A7271B913143CE9364DBEB8708C8088E3BDE61551AB24BC55 ] HiSuiteOuc64.exe C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
21:30:09.0358 0x21fc  HiSuiteOuc64.exe - ok
21:30:09.0412 0x21fc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:30:09.0509 0x21fc  hkmsvc - ok
21:30:09.0553 0x21fc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:30:09.0601 0x21fc  HomeGroupListener - ok
21:30:09.0644 0x21fc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:30:09.0689 0x21fc  HomeGroupProvider - ok
21:30:09.0730 0x21fc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:30:09.0763 0x21fc  HpSAMD - ok
21:30:09.0877 0x21fc  [ CF5C9BD985120781200D35FD445D0BD5, 91B37F595A196542458CBBCDAD80779721D228A7030A34E55995DDBB06649248 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:30:09.0992 0x21fc  HTTP - ok
21:30:10.0147 0x21fc  [ C7F0B7C4B72ED9FA5B2043C9D375E3E1, 38A098258A7D72E1E3D71D779FA7ED653572832A58EA866BB433FB0A5FC5ED73 ] HuaweiHiSuiteService64.exe C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
21:30:10.0188 0x21fc  HuaweiHiSuiteService64.exe - ok
21:30:10.0293 0x21fc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:30:10.0322 0x21fc  hwpolicy - ok
21:30:10.0377 0x21fc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:30:10.0423 0x21fc  i8042prt - ok
21:30:10.0507 0x21fc  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:30:10.0577 0x21fc  iaStor - ok
21:30:10.0689 0x21fc  [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:30:10.0715 0x21fc  IAStorDataMgrSvc - ok
21:30:10.0773 0x21fc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:30:10.0830 0x21fc  iaStorV - ok
21:30:10.0943 0x21fc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:30:11.0048 0x21fc  idsvc - ok
21:30:11.0062 0x21fc  IEEtwCollectorService - ok
21:30:11.0493 0x21fc  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:30:11.0905 0x21fc  igfx - ok
21:30:11.0941 0x21fc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:30:11.0965 0x21fc  iirsp - ok
21:30:12.0055 0x21fc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:30:12.0150 0x21fc  IKEEXT - ok
21:30:12.0547 0x21fc  [ BB0D3D57C25D6C5215077A8FAA7AD4B3, 886B543BB75F01F8EE7C8BC1603189259248B8EC397BD851ECBBB0DDAE1D2D69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:30:12.0961 0x21fc  IntcAzAudAddService - ok
21:30:13.0058 0x21fc  [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:30:13.0123 0x21fc  Intel(R) Capability Licensing Service Interface - ok
21:30:13.0176 0x21fc  [ C9DCE1CB628AEED3C0C30ABBF4F1E718, 794E6BE05010E315C321DA75ED8FF427CAF3C2AA7C723B267CB22A5D9FC8C4C8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
21:30:13.0209 0x21fc  Intel(R) ME Service - ok
21:30:13.0240 0x21fc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:30:13.0269 0x21fc  intelide - ok
21:30:13.0311 0x21fc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:30:13.0349 0x21fc  intelppm - ok
21:30:13.0391 0x21fc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:30:13.0509 0x21fc  IPBusEnum - ok
21:30:13.0527 0x21fc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:13.0635 0x21fc  IpFilterDriver - ok
21:30:13.0732 0x21fc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:30:13.0808 0x21fc  iphlpsvc - ok
21:30:13.0824 0x21fc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:30:13.0861 0x21fc  IPMIDRV - ok
21:30:13.0876 0x21fc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:30:13.0975 0x21fc  IPNAT - ok
21:30:14.0027 0x21fc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:30:14.0071 0x21fc  IRENUM - ok
21:30:14.0080 0x21fc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:30:14.0108 0x21fc  isapnp - ok
21:30:14.0164 0x21fc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:30:14.0211 0x21fc  iScsiPrt - ok
21:30:14.0264 0x21fc  [ 6BCEF45131C8B8E1C558BE540B190B3C, DFFED7FD9DCC15808184E65065DE6138FE010AC01217E5016B2D20A5B89AC570 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:30:14.0289 0x21fc  iusb3hcs - ok
21:30:14.0347 0x21fc  [ F080EADA8715F811B58BD35BB774F2F9, 06D5A70CBA89561A71B9CB64D7A298767F098395411A7022F414C7D0AC89A44D ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21:30:14.0411 0x21fc  iusb3hub - ok
21:30:14.0488 0x21fc  [ 0F1756D9396740F053221FA6260FCE66, 0B722BF6BCF66BBD49DE0E92555742976AB33319CF504461A50181BF7A77E886 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:30:14.0570 0x21fc  iusb3xhc - ok
21:30:14.0610 0x21fc  [ 3628933AF5305EAB8173949BFF912F04, 8609C196B8D5D941CE7181E849A7C44E658BD66995D1405B80D42F1C029B09EB ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:30:14.0656 0x21fc  jhi_service - ok
21:30:14.0686 0x21fc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:14.0719 0x21fc  kbdclass - ok
21:30:14.0738 0x21fc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:30:14.0779 0x21fc  kbdhid - ok
21:30:14.0812 0x21fc  [ 00A54A6CEDF599AABB72C20E0815BC37, 09835A43E1A17396BDC88BB38EF66EA8854913040347D9893EBF8550D0AA1452 ] KeyIso          C:\Windows\system32\lsass.exe
21:30:14.0841 0x21fc  KeyIso - ok
21:30:14.0880 0x21fc  [ 7635071BC8EDBC8B501F4EF2B0A82820, 276A5672196EF3990FB1A2CE646B6B92241580E1BB96BCCA3CBDC781CF42111A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:30:14.0909 0x21fc  KSecDD - ok
21:30:14.0937 0x21fc  [ 033937305C234FC8215A4692193AA43E, 1E48CA1F8020F9DA0778A0F39A69C3B918CF878B152A3B38A5D3B9892154B6DB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:30:14.0967 0x21fc  KSecPkg - ok
21:30:15.0008 0x21fc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:30:15.0083 0x21fc  ksthunk - ok
21:30:15.0129 0x21fc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:30:15.0223 0x21fc  KtmRm - ok
21:30:15.0273 0x21fc  [ E84DA1A93978B3700EA63414357B9BA3, B6119D23457CDEE2CCEBA433F5427B183387C3C54E9E51B42D7C79D1524727A4 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
21:30:15.0299 0x21fc  L1C - ok
21:30:15.0346 0x21fc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:30:15.0440 0x21fc  LanmanServer - ok
21:30:15.0477 0x21fc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:30:15.0578 0x21fc  LanmanWorkstation - ok
21:30:15.0659 0x21fc  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
21:30:15.0684 0x21fc  LHDmgr - ok
21:30:15.0723 0x21fc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:30:15.0818 0x21fc  lltdio - ok
21:30:15.0871 0x21fc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:30:15.0985 0x21fc  lltdsvc - ok
21:30:16.0003 0x21fc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:30:16.0097 0x21fc  lmhosts - ok
21:30:16.0161 0x21fc  [ BF22ACF4CF3734D61357E67F0521BC03, EDDFBDC4BE29BF26904B2DF7074F471711238469CDDBED1CA253A49B993F53DF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:30:16.0205 0x21fc  LMS - ok
21:30:16.0250 0x21fc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:30:16.0285 0x21fc  LSI_FC - ok
21:30:16.0305 0x21fc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:30:16.0339 0x21fc  LSI_SAS - ok
21:30:16.0351 0x21fc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:30:16.0383 0x21fc  LSI_SAS2 - ok
21:30:16.0398 0x21fc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:30:16.0436 0x21fc  LSI_SCSI - ok
21:30:16.0451 0x21fc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:30:16.0554 0x21fc  luafv - ok
21:30:16.0590 0x21fc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:30:16.0629 0x21fc  Mcx2Svc - ok
21:30:16.0646 0x21fc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:30:16.0676 0x21fc  megasas - ok
21:30:16.0724 0x21fc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:30:16.0781 0x21fc  MegaSR - ok
21:30:16.0837 0x21fc  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:30:16.0866 0x21fc  MEIx64 - ok
21:30:16.0904 0x21fc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:30:17.0002 0x21fc  MMCSS - ok
21:30:17.0033 0x21fc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:30:17.0125 0x21fc  Modem - ok
21:30:17.0149 0x21fc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:30:17.0190 0x21fc  monitor - ok
21:30:17.0226 0x21fc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:30:17.0256 0x21fc  mouclass - ok
21:30:17.0271 0x21fc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:30:17.0304 0x21fc  mouhid - ok
21:30:17.0363 0x21fc  [ 072D8646E23ECF8A3F5F0157017B4DB6, EBFB1459ECC5AF94C94FB49CEBC724542612680F0777E24B5AA6E062C0EE5D94 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:30:17.0396 0x21fc  mountmgr - ok
21:30:17.0495 0x21fc  [ 0EACD4459D14FBB121A0F8202F170225, 6C63A3D69D6A44E6E03863D2256A5C6EF2DCA56B18DC90B8F3AE8C8DF5D303EF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:30:17.0533 0x21fc  MozillaMaintenance - ok
21:30:17.0636 0x21fc  [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:30:17.0695 0x21fc  MpFilter - ok
21:30:17.0747 0x21fc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:30:17.0787 0x21fc  mpio - ok
21:30:18.0013 0x21fc  [ AA12FAF01013F63348B722D3588550FF, AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC ] MpKsl72c8e1eb   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C632B318-AEC6-418D-A8E7-88E405E6B684}\MpKsl72c8e1eb.sys
21:30:18.0049 0x21fc  MpKsl72c8e1eb - ok
21:30:18.0080 0x21fc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:30:18.0176 0x21fc  mpsdrv - ok
21:30:18.0253 0x21fc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:30:18.0401 0x21fc  MpsSvc - ok
21:30:18.0459 0x21fc  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:30:18.0495 0x21fc  MRxDAV - ok
21:30:18.0543 0x21fc  [ F77E8ABD746B93B9B4F9C13250302C47, 7A6B705DCFA540E90A2A10F8B245CFF7BCB018152EF67D4B988366386E67AE10 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:18.0580 0x21fc  mrxsmb - ok
21:30:18.0627 0x21fc  [ FF1B4AF370481C25B078FEAEE5455EDC, 596DE4DB5B29F99CD89038B9426000E42D47A27FEF56135F219C83F94B10C1E5 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:18.0683 0x21fc  mrxsmb10 - ok
21:30:18.0735 0x21fc  [ 125B7C9D7372711EDBD5BFEE2E33CE60, 53ED38EBD558C1EE46EE0D3E39964730237991994946BE494806F7EC4A62D966 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:18.0779 0x21fc  mrxsmb20 - ok
21:30:18.0840 0x21fc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:30:18.0869 0x21fc  msahci - ok
21:30:18.0921 0x21fc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:30:18.0958 0x21fc  msdsm - ok
21:30:19.0006 0x21fc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:30:19.0056 0x21fc  MSDTC - ok
21:30:19.0089 0x21fc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:30:19.0192 0x21fc  Msfs - ok
21:30:19.0216 0x21fc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:30:19.0308 0x21fc  mshidkmdf - ok
21:30:19.0316 0x21fc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:30:19.0346 0x21fc  msisadrv - ok
21:30:19.0381 0x21fc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:30:19.0485 0x21fc  MSiSCSI - ok
21:30:19.0493 0x21fc  msiserver - ok
21:30:19.0532 0x21fc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:30:19.0624 0x21fc  MSKSSRV - ok
21:30:19.0781 0x21fc  [ 5ADED2C1239D7BD798E2C4EF9EAA1FA3, 6A462DAC110015F3E59610202714120C557674019A0196680B72031C50D7C474 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:30:19.0821 0x21fc  MsMpSvc - ok
21:30:19.0865 0x21fc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:19.0958 0x21fc  MSPCLOCK - ok
21:30:19.0976 0x21fc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:30:20.0076 0x21fc  MSPQM - ok
21:30:20.0118 0x21fc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:30:20.0176 0x21fc  MsRPC - ok
21:30:20.0192 0x21fc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:30:20.0220 0x21fc  mssmbios - ok
21:30:20.0238 0x21fc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:30:20.0317 0x21fc  MSTEE - ok
21:30:20.0325 0x21fc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:30:20.0353 0x21fc  MTConfig - ok
21:30:20.0363 0x21fc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:30:20.0387 0x21fc  Mup - ok
21:30:20.0450 0x21fc  [ E3B58E3011B207C5289D11173B30E298, 68BDF7DE4FD5E38D33DBAD2A2E05E32BABA8BBD85DBC4364AF7CD62C54C6B539 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:30:20.0483 0x21fc  MyWiFiDHCPDNS - ok
21:30:20.0548 0x21fc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:30:20.0661 0x21fc  napagent - ok
21:30:20.0736 0x21fc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:30:20.0801 0x21fc  NativeWifiP - ok
21:30:20.0933 0x21fc  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:30:21.0029 0x21fc  NDIS - ok
21:30:21.0070 0x21fc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:21.0163 0x21fc  NdisCap - ok
21:30:21.0188 0x21fc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:21.0281 0x21fc  NdisTapi - ok
21:30:21.0300 0x21fc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:21.0393 0x21fc  Ndisuio - ok
21:30:21.0410 0x21fc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:21.0490 0x21fc  NdisWan - ok
21:30:21.0500 0x21fc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:30:21.0585 0x21fc  NDProxy - ok
21:30:21.0612 0x21fc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:30:21.0687 0x21fc  NetBIOS - ok
21:30:21.0751 0x21fc  [ 734837208CAFD6E0959A7A0333C95C9D, 0B7CD6E3CE43ABE021DBE6516492E326265EC0273F2F4297187CE70602CB8CE1 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:30:21.0795 0x21fc  NetBT - ok
21:30:21.0847 0x21fc  [ 00A54A6CEDF599AABB72C20E0815BC37, 09835A43E1A17396BDC88BB38EF66EA8854913040347D9893EBF8550D0AA1452 ] Netlogon        C:\Windows\system32\lsass.exe
21:30:21.0881 0x21fc  Netlogon - ok
21:30:21.0933 0x21fc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:30:22.0054 0x21fc  Netman - ok
21:30:22.0262 0x21fc  [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:22.0334 0x21fc  NetMsmqActivator - ok
21:30:22.0349 0x21fc  [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:22.0389 0x21fc  NetPipeActivator - ok
21:30:22.0452 0x21fc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:30:22.0579 0x21fc  netprofm - ok
21:30:22.0607 0x21fc  [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:22.0660 0x21fc  NetTcpActivator - ok
21:30:22.0675 0x21fc  [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:22.0717 0x21fc  NetTcpPortSharing - ok
21:30:22.0762 0x21fc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:30:22.0793 0x21fc  nfrd960 - ok
21:30:22.0862 0x21fc  [ CE5F6E635FE4506AE6F2D6EB87425128, 3DB5ECF7CD2F2C3C010AA40CE57F1B3856E284BBA359FBC41A1B340E3180FD5F ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:30:22.0907 0x21fc  NisDrv - ok
21:30:22.0997 0x21fc  [ D630B510E1E3FF6BA12B705F47F115D9, 05D76065D5D9A82E53EA18CD2D0184338681A7BBD3CD5D6C44D1FA5CB1C63640 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
21:30:23.0056 0x21fc  NisSrv - ok
21:30:23.0136 0x21fc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:30:23.0191 0x21fc  NlaSvc - ok
21:30:23.0230 0x21fc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:30:23.0323 0x21fc  Npfs - ok
21:30:23.0365 0x21fc  [ 668B9EFF5CCA4542F435D2CD9CE3C778, 7409EF35D1DC0DE2BAB752694981FFA1F1855C7F11310366B80BD1EC3513262E ] nsi             C:\Windows\system32\nsisvc.dll
21:30:23.0405 0x21fc  nsi - ok
21:30:23.0426 0x21fc  [ BE313E566EEA2A4B7F9AAC9782A567D4, 377C624737B1A4FBC1DFF988F029B8ED9A368827C33A4FEEBA1B7937A87C2B47 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:30:23.0462 0x21fc  nsiproxy - ok
21:30:23.0636 0x21fc  [ 7FD5A7FB8F55254E9AF5666C653AF3CA, 5EE9805BB4A952AE455D08953FF12E55879776A521B3333F2730AC552DC17C48 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:30:23.0787 0x21fc  Ntfs - ok
21:30:23.0815 0x21fc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:30:23.0907 0x21fc  Null - ok
21:30:23.0954 0x21fc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:30:23.0993 0x21fc  nvraid - ok
21:30:24.0033 0x21fc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:30:24.0071 0x21fc  nvstor - ok
21:30:24.0120 0x21fc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:30:24.0155 0x21fc  nv_agp - ok
21:30:24.0174 0x21fc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:30:24.0211 0x21fc  ohci1394 - ok
21:30:24.0361 0x21fc  [ 33840F7285A70D308882A23AF6D65D7E, 08506691E5F4AAB76811B1B2BCB9A68731B771F27A0571489E363D26A6EF0D0C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:30:24.0408 0x21fc  ose - ok
21:30:24.0863 0x21fc  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:30:25.0213 0x21fc  osppsvc - ok
21:30:25.0616 0x21fc  [ E62964F4AF3EE449FC3A3BF7A00A8317, 397357CB35A1D3EDC1BC50480048AC52924D42F578B21212CA1BF8529B17BABC ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
21:30:25.0732 0x21fc  OverwolfUpdater - ok
21:30:25.0792 0x21fc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:30:25.0847 0x21fc  p2pimsvc - ok
21:30:25.0897 0x21fc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:30:25.0960 0x21fc  p2psvc - ok
21:30:25.0997 0x21fc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:30:26.0034 0x21fc  Parport - ok
21:30:26.0076 0x21fc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:30:26.0108 0x21fc  partmgr - ok
21:30:26.0160 0x21fc  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:30:26.0208 0x21fc  PcaSvc - ok
21:30:26.0228 0x21fc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:30:26.0268 0x21fc  pci - ok
21:30:26.0294 0x21fc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:30:26.0322 0x21fc  pciide - ok
21:30:26.0361 0x21fc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:30:26.0404 0x21fc  pcmcia - ok
21:30:26.0442 0x21fc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:30:26.0472 0x21fc  pcw - ok
21:30:26.0531 0x21fc  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:30:26.0615 0x21fc  PEAUTH - ok
21:30:26.0854 0x21fc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:30:26.0889 0x21fc  PerfHost - ok
21:30:27.0061 0x21fc  [ BC5F8C5C7ACCD0B884FCB8B67616F537, 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27 ] pla             C:\Windows\system32\pla.dll
21:30:27.0197 0x21fc  pla - ok
21:30:27.0306 0x21fc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:30:27.0355 0x21fc  PlugPlay - ok
21:30:27.0392 0x21fc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:30:27.0424 0x21fc  PNRPAutoReg - ok
21:30:27.0454 0x21fc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:30:27.0508 0x21fc  PNRPsvc - ok
21:30:27.0588 0x21fc  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:30:27.0656 0x21fc  PolicyAgent - ok
21:30:27.0712 0x21fc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:30:27.0819 0x21fc  Power - ok
21:30:27.0861 0x21fc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:30:27.0956 0x21fc  PptpMiniport - ok
21:30:27.0974 0x21fc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:30:28.0009 0x21fc  Processor - ok
21:30:28.0070 0x21fc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:30:28.0113 0x21fc  ProfSvc - ok
21:30:28.0136 0x21fc  [ 00A54A6CEDF599AABB72C20E0815BC37, 09835A43E1A17396BDC88BB38EF66EA8854913040347D9893EBF8550D0AA1452 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:30:28.0166 0x21fc  ProtectedStorage - ok
21:30:28.0208 0x21fc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:30:28.0305 0x21fc  Psched - ok
21:30:28.0453 0x21fc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:30:28.0603 0x21fc  ql2300 - ok
21:30:28.0641 0x21fc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:30:28.0677 0x21fc  ql40xx - ok
21:30:28.0719 0x21fc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:30:28.0783 0x21fc  QWAVE - ok
21:30:28.0814 0x21fc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:30:28.0861 0x21fc  QWAVEdrv - ok
21:30:28.0870 0x21fc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:30:28.0961 0x21fc  RasAcd - ok
21:30:28.0993 0x21fc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:29.0088 0x21fc  RasAgileVpn - ok
21:30:29.0129 0x21fc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:30:29.0230 0x21fc  RasAuto - ok
21:30:29.0268 0x21fc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:29.0365 0x21fc  Rasl2tp - ok
21:30:29.0410 0x21fc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:30:29.0527 0x21fc  RasMan - ok
21:30:29.0547 0x21fc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:29.0645 0x21fc  RasPppoe - ok
21:30:29.0665 0x21fc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:30:29.0763 0x21fc  RasSstp - ok
21:30:29.0804 0x21fc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:30:29.0920 0x21fc  rdbss - ok
21:30:29.0937 0x21fc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:30:29.0982 0x21fc  rdpbus - ok
21:30:30.0009 0x21fc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:30.0084 0x21fc  RDPCDD - ok
21:30:30.0099 0x21fc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:30:30.0175 0x21fc  RDPENCDD - ok
21:30:30.0192 0x21fc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:30:30.0268 0x21fc  RDPREFMP - ok
21:30:30.0422 0x21fc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:30:30.0465 0x21fc  RdpVideoMiniport - ok
21:30:30.0520 0x21fc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:30:30.0564 0x21fc  RDPWD - ok
21:30:30.0615 0x21fc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:30:30.0659 0x21fc  rdyboost - ok
21:30:30.0741 0x21fc  [ F3AF2B43F35DBB3A0EB9FEEEC7D62217, 5BFB97BFE94F52CE02DFB2B7E8A9AD34AE489B77BA689F63D733EFB65548D734 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:30:30.0774 0x21fc  RegSrvc - ok
21:30:30.0806 0x21fc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:30:30.0907 0x21fc  RemoteAccess - ok
21:30:30.0956 0x21fc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:30:31.0062 0x21fc  RemoteRegistry - ok
21:30:31.0121 0x21fc  [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:30:31.0150 0x21fc  RimUsb - ok
21:30:31.0191 0x21fc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:30:31.0291 0x21fc  RpcEptMapper - ok
21:30:31.0315 0x21fc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:30:31.0351 0x21fc  RpcLocator - ok
21:30:31.0432 0x21fc  [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] RpcSs           C:\Windows\system32\rpcss.dll
21:30:31.0508 0x21fc  RpcSs - ok
21:30:31.0558 0x21fc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:30:31.0654 0x21fc  rspndr - ok
21:30:31.0681 0x21fc  [ 00A54A6CEDF599AABB72C20E0815BC37, 09835A43E1A17396BDC88BB38EF66EA8854913040347D9893EBF8550D0AA1452 ] SamSs           C:\Windows\system32\lsass.exe
21:30:31.0716 0x21fc  SamSs - ok
21:30:31.0731 0x21fc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:30:31.0769 0x21fc  sbp2port - ok
21:30:31.0822 0x21fc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:30:31.0949 0x21fc  SCardSvr - ok
21:30:31.0985 0x21fc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:30:32.0095 0x21fc  scfilter - ok
21:30:32.0234 0x21fc  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:30:32.0376 0x21fc  Schedule - ok
21:30:32.0462 0x21fc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:30:32.0579 0x21fc  SCPolicySvc - ok
21:30:32.0641 0x21fc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:30:32.0690 0x21fc  SDRSVC - ok
21:30:32.0740 0x21fc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:30:32.0772 0x21fc  secdrv - ok
21:30:32.0836 0x21fc  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
21:30:32.0871 0x21fc  seclogon - ok
21:30:32.0899 0x21fc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
21:30:32.0997 0x21fc  SENS - ok
21:30:33.0025 0x21fc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:30:33.0060 0x21fc  SensrSvc - ok
21:30:33.0084 0x21fc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:30:33.0118 0x21fc  Serenum - ok
21:30:33.0153 0x21fc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:30:33.0192 0x21fc  Serial - ok
21:30:33.0202 0x21fc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:30:33.0236 0x21fc  sermouse - ok
21:30:33.0287 0x21fc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:30:33.0388 0x21fc  SessionEnv - ok
21:30:33.0400 0x21fc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:30:33.0439 0x21fc  sffdisk - ok
21:30:33.0448 0x21fc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:30:33.0489 0x21fc  sffp_mmc - ok
21:30:33.0498 0x21fc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:30:33.0538 0x21fc  sffp_sd - ok
21:30:33.0546 0x21fc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:30:33.0580 0x21fc  sfloppy - ok
21:30:33.0649 0x21fc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:30:33.0769 0x21fc  SharedAccess - ok
21:30:33.0825 0x21fc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:30:33.0945 0x21fc  ShellHWDetection - ok
21:30:33.0981 0x21fc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:30:34.0011 0x21fc  SiSRaid2 - ok
21:30:34.0024 0x21fc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:30:34.0058 0x21fc  SiSRaid4 - ok
21:30:34.0194 0x21fc  [ E6DA1192D36D2D29FF8387917C2D70A6, 6F6AB7A2E45D7E05F5ED0B08B1ED9FFA03BDBFAF5E80F8B9E2C4D6CF6F74B851 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:30:34.0273 0x21fc  SkypeUpdate - ok
21:30:34.0321 0x21fc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:30:34.0421 0x21fc  Smb - ok
21:30:34.0470 0x21fc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:30:34.0507 0x21fc  SNMPTRAP - ok
21:30:34.0517 0x21fc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:30:34.0547 0x21fc  spldr - ok
21:30:34.0626 0x21fc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:30:34.0702 0x21fc  Spooler - ok
21:30:34.0981 0x21fc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:30:35.0383 0x21fc  sppsvc - ok
21:30:35.0406 0x21fc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:30:35.0505 0x21fc  sppuinotify - ok
21:30:35.0591 0x21fc  [ 9FDD80B815A7F29554FF6E0D77A7F60D, 768F1173063FDEDCFD98FF3D4E8D9A21E9F9C1E768C3C88D6649DF801F0D9044 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:30:35.0659 0x21fc  srv - ok
21:30:35.0718 0x21fc  [ D62B353400F2C1FD0A5E93F8BDA83715, D7CD9E9FC235C599F408862B65ED6025EDA335071C6B4F315431D6E82071B253 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:30:35.0782 0x21fc  srv2 - ok
21:30:35.0830 0x21fc  [ CAEAA7FF473E33DB8E5B72AB145907D3, 8BF6F274F975A600E6E63637C3F9E425EEE64198F4780C9818CA7856AD683CA2 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:30:35.0877 0x21fc  srvnet - ok
21:30:35.0931 0x21fc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:30:36.0040 0x21fc  SSDPSRV - ok
21:30:36.0054 0x21fc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:30:36.0154 0x21fc  SstpSvc - ok
21:30:36.0279 0x21fc  [ 7AE700179C4839F657D245319E234A06, 6EAEFE4A8CAF1A70F1BAD4DD457C6AEC080839542D4E5582376489800BE52E89 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
21:30:36.0364 0x21fc  Steam Client Service - ok
21:30:36.0410 0x21fc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:30:36.0448 0x21fc  stexstor - ok
21:30:36.0532 0x21fc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:30:36.0625 0x21fc  stisvc - ok
21:30:36.0668 0x21fc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:30:36.0695 0x21fc  swenum - ok
21:30:36.0757 0x21fc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:30:36.0892 0x21fc  swprv - ok
21:30:36.0977 0x21fc  [ 48A191AE1F810F3F76F04187BA6B0F14, 3401EF6B378F1BE60769132706D0EAACCBF9763644EF3DE4510A8F69C97AA56A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:30:37.0033 0x21fc  SynTP - ok
21:30:37.0213 0x21fc  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:30:37.0384 0x21fc  SysMain - ok
21:30:37.0419 0x21fc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:30:37.0473 0x21fc  TabletInputService - ok
21:30:37.0521 0x21fc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:30:37.0638 0x21fc  TapiSrv - ok
21:30:37.0839 0x21fc  [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:30:38.0016 0x21fc  Tcpip - ok
21:30:38.0184 0x21fc  [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:30:38.0346 0x21fc  TCPIP6 - ok
21:30:38.0426 0x21fc  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:30:38.0458 0x21fc  tcpipreg - ok
21:30:38.0496 0x21fc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:30:38.0527 0x21fc  TDPIPE - ok
21:30:38.0565 0x21fc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:30:38.0596 0x21fc  TDTCP - ok
21:30:38.0632 0x21fc  [ 4DD986720F7CB7A8A5D1226793097B9A, 9020375B45E9C966BF44CF425C127D7E0EC82EB99C7047F225C25402FF97743D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:30:38.0696 0x21fc  tdx - ok
21:30:38.0749 0x21fc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:30:38.0780 0x21fc  TermDD - ok
21:30:38.0877 0x21fc  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:30:38.0961 0x21fc  TermService - ok
21:30:39.0006 0x21fc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:30:39.0057 0x21fc  Themes - ok
21:30:39.0095 0x21fc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:30:39.0194 0x21fc  THREADORDER - ok
21:30:39.0253 0x21fc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:30:39.0358 0x21fc  TrkWks - ok
21:30:39.0424 0x21fc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:30:39.0525 0x21fc  TrustedInstaller - ok
21:30:39.0576 0x21fc  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:39.0608 0x21fc  tssecsrv - ok
21:30:39.0662 0x21fc  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:30:39.0695 0x21fc  TsUsbFlt - ok
21:30:39.0730 0x21fc  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:30:39.0761 0x21fc  TsUsbGD - ok
21:30:39.0801 0x21fc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:30:39.0899 0x21fc  tunnel - ok
21:30:39.0911 0x21fc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:30:39.0944 0x21fc  uagp35 - ok
21:30:39.0978 0x21fc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:30:40.0089 0x21fc  udfs - ok
21:30:40.0129 0x21fc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:30:40.0169 0x21fc  UI0Detect - ok
21:30:40.0195 0x21fc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:30:40.0228 0x21fc  uliagpkx - ok
21:30:40.0252 0x21fc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:30:40.0287 0x21fc  umbus - ok
21:30:40.0295 0x21fc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:30:40.0328 0x21fc  UmPass - ok
21:30:40.0446 0x21fc  [ B097EBA0E3FEB020BB65FE43AF5ECCFF, B8FE680EE49B633F3FAFD81E8CE5063397774F63636C9F3C280815114A0ABD0F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:30:40.0499 0x21fc  UNS - ok
21:30:40.0548 0x21fc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:30:40.0668 0x21fc  upnphost - ok
21:30:40.0740 0x21fc  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:30:40.0777 0x21fc  usbaudio - ok
21:30:40.0835 0x21fc  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
21:30:40.0871 0x21fc  usbccgp - ok
21:30:40.0912 0x21fc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:30:40.0949 0x21fc  usbcir - ok
21:30:40.0980 0x21fc  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:30:41.0016 0x21fc  usbehci - ok
21:30:41.0086 0x21fc  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
21:30:41.0142 0x21fc  usbhub - ok
21:30:41.0200 0x21fc  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:30:41.0232 0x21fc  usbohci - ok
21:30:41.0282 0x21fc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:30:41.0323 0x21fc  usbprint - ok
21:30:41.0371 0x21fc  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:30:41.0404 0x21fc  usbscan - ok
21:30:41.0450 0x21fc  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:41.0487 0x21fc  USBSTOR - ok
21:30:41.0516 0x21fc  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:30:41.0548 0x21fc  usbuhci - ok
21:30:41.0587 0x21fc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:30:41.0628 0x21fc  usbvideo - ok
21:30:41.0669 0x21fc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:30:41.0766 0x21fc  UxSms - ok
21:30:41.0792 0x21fc  [ 00A54A6CEDF599AABB72C20E0815BC37, 09835A43E1A17396BDC88BB38EF66EA8854913040347D9893EBF8550D0AA1452 ] VaultSvc        C:\Windows\system32\lsass.exe
21:30:41.0826 0x21fc  VaultSvc - ok
21:30:41.0877 0x21fc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:30:41.0906 0x21fc  vdrvroot - ok
21:30:41.0965 0x21fc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:30:42.0097 0x21fc  vds - ok
21:30:42.0115 0x21fc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:42.0155 0x21fc  vga - ok
21:30:42.0165 0x21fc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:30:42.0247 0x21fc  VgaSave - ok
21:30:42.0301 0x21fc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:30:42.0335 0x21fc  vhdmp - ok
21:30:42.0365 0x21fc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:30:42.0388 0x21fc  viaide - ok
21:30:42.0496 0x21fc  [ 8793B8146F58D54D07245CE5F722DA93, 89AF8CCA4CA603C06EB3E64B9230AAE561E6BE0D94841B4436A25AFF874E92AC ] vm331avs        C:\Windows\system32\Drivers\vm331avs.sys
21:30:42.0590 0x21fc  vm331avs - ok
21:30:42.0760 0x21fc  [ 688911427532BCD0FB6E840CD75BE77A, 5D6F2E6E4856EDEC89FA72B0D636E510B4A21CCCBCE50BCCDDD3398AFEE4B35B ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
21:30:42.0796 0x21fc  VMAuthdService - ok
21:30:42.0852 0x21fc  [ 23B3E571717D59C8B0A6963B79061B57, B41BF84972DE78FDD9FA1D69D0514FEABB238321A29608A5304D97EB6CC02B3F ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
21:30:42.0883 0x21fc  vmci - ok
21:30:42.0943 0x21fc  [ DCC85609E3B9BEA350386FF49E77839D, 01B5234676F2BD130193FBE60FDA78B746E6316167125C5B38EAE26E16A1206F ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
21:30:42.0970 0x21fc  vmkbd - ok
21:30:43.0004 0x21fc  VMnetAdapter - ok
21:30:43.0035 0x21fc  VMnetBridge - ok
21:30:43.0314 0x21fc  [ D845AD2EF17354B85A9C2564EFCBE692, 76E91C6A8FBB3F8DBAE4B665530201E5780DBBF1A3046528A7AF608B6D5C7B02 ] VMnetDHCP       C:\Windows\SysWOW64\vmnetdhcp.exe
21:30:43.0367 0x21fc  VMnetDHCP - ok
21:30:43.0376 0x21fc  VMnetuserif - ok
21:30:43.0533 0x21fc  [ 4AD6167F85CF70754D18222D33DB2F75, E2F4459E6065EE5212E87CDC5E3D6BC1414FAC8A13580037C1EA0BDF74DFD9CD ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
21:30:43.0626 0x21fc  VMUSBArbService - ok
21:30:43.0700 0x21fc  [ 21189E3D6E45A0537D326E2A41A31936, 9C76BC82973DC5B78ED6AAC07C293914C903FEF559CC055427CD3DD68A02E693 ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
21:30:43.0757 0x21fc  VMware NAT Service - ok
21:30:43.0796 0x21fc  vmx86 - ok
21:30:43.0836 0x21fc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:30:43.0867 0x21fc  volmgr - ok
21:30:43.0939 0x21fc  [ 85C5468BC395819AE2A0C747334BA14C, 75EB4751F90F3347229442A5622539383CE0B1834EE7B995260D0D433BA2E25F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:30:43.0991 0x21fc  volmgrx - ok
21:30:44.0019 0x21fc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:30:44.0067 0x21fc  volsnap - ok
21:30:44.0330 0x21fc  [ 683150C8D37623EF5799E8658620ED3E, 22DB9BA5B12552CBD311B12B582360C1D53B9DA509FA304514A9A352A59AFA15 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
21:30:44.0415 0x21fc  vpnagent - ok
21:30:44.0458 0x21fc  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
21:30:44.0489 0x21fc  vpnva - ok
21:30:44.0527 0x21fc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:30:44.0566 0x21fc  vsmraid - ok
21:30:44.0630 0x21fc  [ 7639A7B4A8E5204BB37B479C2D1C8934, 2A35B3A7B20EE3F5888A089D1E46A7FD7B2D86AB36D3401A224F7CD39ABE7F27 ] vsock           C:\Windows\system32\drivers\vsock.sys
21:30:44.0659 0x21fc  vsock - ok
21:30:44.0810 0x21fc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:30:45.0026 0x21fc  VSS - ok
21:30:45.0075 0x21fc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:30:45.0114 0x21fc  vwifibus - ok
21:30:45.0126 0x21fc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:30:45.0175 0x21fc  VWiFiFlt - ok
21:30:45.0190 0x21fc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:30:45.0236 0x21fc  vwifimp - ok
21:30:45.0305 0x21fc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:30:45.0430 0x21fc  W32Time - ok
21:30:45.0465 0x21fc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:30:45.0498 0x21fc  WacomPen - ok
21:30:45.0522 0x21fc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:30:45.0617 0x21fc  WANARP - ok
21:30:45.0629 0x21fc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:30:45.0724 0x21fc  Wanarpv6 - ok
21:30:45.0918 0x21fc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:30:46.0041 0x21fc  WatAdminSvc - ok
21:30:46.0191 0x21fc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:30:46.0337 0x21fc  wbengine - ok
21:30:46.0389 0x21fc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:30:46.0454 0x21fc  WbioSrvc - ok
21:30:46.0514 0x21fc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:30:46.0588 0x21fc  wcncsvc - ok
21:30:46.0671 0x21fc  [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:30:46.0742 0x21fc  WcsPlugInService - ok
21:30:46.0770 0x21fc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:30:46.0798 0x21fc  Wd - ok
21:30:46.0896 0x21fc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:30:46.0983 0x21fc  Wdf01000 - ok
21:30:47.0034 0x21fc  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:30:47.0074 0x21fc  WdiServiceHost - ok
21:30:47.0087 0x21fc  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:30:47.0125 0x21fc  WdiSystemHost - ok
21:30:47.0179 0x21fc  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
21:30:47.0236 0x21fc  WebClient - ok
21:30:47.0275 0x21fc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:30:47.0388 0x21fc  Wecsvc - ok
21:30:47.0405 0x21fc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:30:47.0509 0x21fc  wercplsupport - ok
21:30:47.0543 0x21fc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:30:47.0643 0x21fc  WerSvc - ok
21:30:47.0677 0x21fc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:47.0769 0x21fc  WfpLwf - ok
21:30:47.0779 0x21fc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:30:47.0808 0x21fc  WIMMount - ok
21:30:47.0836 0x21fc  WinDefend - ok
21:30:47.0861 0x21fc  WinHttpAutoProxySvc - ok
21:30:47.0991 0x21fc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:30:48.0102 0x21fc  Winmgmt - ok
21:30:48.0291 0x21fc  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:30:48.0465 0x21fc  WinRM - ok
21:30:48.0532 0x21fc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:30:48.0565 0x21fc  WinUsb - ok
21:30:48.0655 0x21fc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:30:48.0769 0x21fc  Wlansvc - ok
21:30:49.0051 0x21fc  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:30:49.0239 0x21fc  wlidsvc - ok
21:30:49.0277 0x21fc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:30:49.0304 0x21fc  WmiAcpi - ok
21:30:49.0344 0x21fc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:30:49.0383 0x21fc  wmiApSrv - ok
21:30:49.0425 0x21fc  WMPNetworkSvc - ok
21:30:49.0458 0x21fc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:30:49.0492 0x21fc  WPCSvc - ok
21:30:49.0509 0x21fc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:30:49.0558 0x21fc  WPDBusEnum - ok
21:30:49.0579 0x21fc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:30:49.0673 0x21fc  ws2ifsl - ok
21:30:49.0697 0x21fc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
21:30:49.0752 0x21fc  wscsvc - ok
21:30:49.0762 0x21fc  WSearch - ok
21:30:50.0027 0x21fc  [ 88009DB9E1166B6B6713A858C176FECD, CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:30:50.0303 0x21fc  wuauserv - ok
21:30:50.0368 0x21fc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:30:50.0403 0x21fc  WudfPf - ok
21:30:50.0440 0x21fc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:50.0485 0x21fc  WUDFRd - ok
21:30:50.0524 0x21fc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:30:50.0565 0x21fc  wudfsvc - ok
21:30:50.0624 0x21fc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:30:50.0674 0x21fc  WwanSvc - ok
21:30:50.0833 0x21fc  [ 74713CB32792F9C7632DAA7DA22CA974, 1B1D907F8F18AE22E36F371EE6417D068C01FB4F9413571444AF3845A27F3C4D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:30:50.0899 0x21fc  ZeroConfigService - ok
21:30:50.0975 0x21fc  ================ Scan global ===============================
21:30:51.0037 0x21fc  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:30:51.0103 0x21fc  [ 100788FE26FF7A1E530DD2A7ABE855F1, 64FDD30D7986AB41E0A545558AB8F93D5B1AEDF5ACE4F40B9C7B1FB3A59442AA ] C:\Windows\system32\winsrv.dll
21:30:51.0139 0x21fc  [ 100788FE26FF7A1E530DD2A7ABE855F1, 64FDD30D7986AB41E0A545558AB8F93D5B1AEDF5ACE4F40B9C7B1FB3A59442AA ] C:\Windows\system32\winsrv.dll
21:30:51.0193 0x21fc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:30:51.0269 0x21fc  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:30:51.0292 0x21fc  [ Global ] - ok
21:30:51.0293 0x21fc  ================ Scan MBR ==================================
21:30:51.0324 0x21fc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:30:51.0419 0x21fc  \Device\Harddisk0\DR0 - ok
21:30:51.0421 0x21fc  ================ Scan VBR ==================================
21:30:51.0425 0x21fc  [ 93885A43FA8DE4A28CC787B1F88081EA ] \Device\Harddisk0\DR0\Partition1
21:30:51.0427 0x21fc  \Device\Harddisk0\DR0\Partition1 - ok
21:30:51.0466 0x21fc  [ BABD689A5DEF1F3397C3E4C6E5520BF6 ] \Device\Harddisk0\DR0\Partition2
21:30:51.0466 0x21fc  \Device\Harddisk0\DR0\Partition2 - ok
21:30:51.0485 0x21fc  [ 76E32C2DABB35D1E6EE01F6A58D43541 ] \Device\Harddisk0\DR0\Partition3
21:30:51.0489 0x21fc  \Device\Harddisk0\DR0\Partition3 - ok
21:30:51.0489 0x21fc  ================ Scan generic autorun ======================
21:30:52.0398 0x21fc  [ 4320A7045EC51CCC554E607B1CE0FA26, 67BBCD69B54C4C02A91BA4D0960C4F31675DE3C5B06C74852061A754FCF4E0E0 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
21:30:53.0424 0x21fc  RtHDVCpl - ok
21:30:53.0536 0x21fc  [ 350AE710634AF327DDC90B897BBBA23A, E4F0C0D50894A9CA63311AC48EA22F7B9BCA35AE3AC71AD6259C0FAC6FA134B9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:30:53.0625 0x21fc  RtHDVBg_Dolby - ok
21:30:53.0689 0x21fc  [ 02F2FE12B0C924D649F16073D0B011D1, E6D61ADD817A1DF882F176E901E55B99141F6D4FD848A97E47FF34BB7A36B28E ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
21:30:53.0728 0x21fc  AmIcoSinglun64 - ok
21:30:53.0730 0x21fc  SynTPEnh - ok
21:30:54.0395 0x21fc  [ 0EC61D81D929CDC4866450148AAE97F5, 76C1BA06B11A15EAEA637669DC00383AEBDA237A1D7DEA2580D1295EF35DF68C ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
21:30:55.0098 0x21fc  Energy Management - ok
21:30:55.0627 0x21fc  [ 9BD21473A5FB8192CE57E6C22D724626, BDC8E3585A75C058D5395612794D222BAFCCFD01B8AB92AB5F7D9118A545F12B ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
21:30:56.0143 0x21fc  EnergyUtility - ok
21:30:56.0216 0x21fc  [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\Windows\system32\igfxtray.exe
21:30:56.0248 0x21fc  IgfxTray - ok
21:30:56.0280 0x21fc  [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\Windows\system32\hkcmd.exe
21:30:56.0326 0x21fc  HotKeysCmds - ok
21:30:56.0385 0x21fc  [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\Windows\system32\igfxpers.exe
21:30:56.0434 0x21fc  Persistence - ok
21:30:56.0610 0x21fc  [ 7A727248EBC065BD2BB94A9B2892D190, B1E12ED3D07963EF0FA09B3ECD8AC3FBD316733D968A99C958DF7026B1BDFD99 ] c:\Program Files\Microsoft Security Client\msseces.exe
21:30:56.0753 0x21fc  MSC - ok
21:30:56.0861 0x21fc  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
21:30:56.0907 0x21fc  IAStorIcon - ok
21:30:57.0001 0x21fc  [ 4D241A6A8F6BA9FA32FF836551FFDCEA, DEE87DFB6A8E87D40E3653435223B54AF2AB232DDC02D22468C126C54096F006 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:30:57.0048 0x21fc  USB3MON - ok
21:30:57.0116 0x21fc  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
21:30:57.0141 0x21fc  HP Software Update - ok
21:30:57.0268 0x21fc  [ 7A727248EBC065BD2BB94A9B2892D190, B1E12ED3D07963EF0FA09B3ECD8AC3FBD316733D968A99C958DF7026B1BDFD99 ] C:\Program Files\Microsoft Security Client\msseces.exe
21:30:57.0413 0x21fc  Application Restart #0 - ok
21:30:57.0421 0x21fc  Waiting for KSN requests completion. In queue: 116
21:30:58.0566 0x21fc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.209.0 ), 0x61000 ( enabled : updated )
21:30:58.0613 0x21fc  Win FW state via NFP2: enabled ( trusted )
21:30:58.0847 0x21fc  ============================================================
21:30:58.0847 0x21fc  Scan finished
21:30:58.0847 0x21fc  ============================================================
21:30:58.0868 0x1bf0  Detected object count: 0
21:30:58.0868 0x1bf0  Actual detected object count: 0
         

Alt 26.09.2017, 21:51   #7
M-K-D-B
/// TB-Ausbilder
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Servus,





Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • Image File Execution Options Schlüssel
    • Tracing Schlüssel
    • Prefetch Dateien
    • Proxy
    • Winsock
    • Firewall
    • IE Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware 3 (Bebilderte Anleitung)
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.





Schritt 3
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die zwei neuen Logdateien von FRST.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 27.09.2017, 00:15   #8
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



AdwCleaner-Log:

Code:
ATTFilter
# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 26 20:54:36 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::Firewall rules cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [6162 B] - [2017/9/15 18:43:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [1393 B] - [2017/9/15 18:52:10]
C:/AdwCleaner/AdwCleaner[S0].txt - [23239 B] - [2015/1/1 17:6:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [7005 B] - [2017/9/15 18:42:28]
C:/AdwCleaner/AdwCleaner[S2].txt - [1220 B] - [2017/9/15 18:51:58]
C:/AdwCleaner/AdwCleaner[S3].txt - [1291 B] - [2017/9/15 19:26:17]
C:/AdwCleaner/AdwCleaner[S4].txt - [1359 B] - [2017/9/26 20:53:29]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
         
mbam.txt:

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 26.09.17
Scan-Zeit: 23:06
Protokolldatei: 9c27fab6-a2fe-11e7-a20f-3c970eac10a0.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2029
Komponentenversion: 1.0.188
Version des Aktualisierungspakets: 1.0.2893
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Johannes-PC\Johannes

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 407921
Erkannte Bedrohungen: 36
In die Quarantäne verschobene Bedrohungen: 35
Abgelaufene Zeit: 39 Min., 47 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-3713904842-3737894215-1530784781-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [2141], [169670],1.0.2893

Registrierungswert: 2
PUP.Optional.SecurityProtection, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|DETGDP@GMAIL.COM, In Quarantäne, [11812], [242842],1.0.2893
PUP.Optional.FilesFrog, HKLM\SOFTWARE\CLASSES\SDP\SHELL\OPEN\COMMAND|, Entfernung fehlgeschlagen, [1640], [258347],1.0.2893

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 10
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\pack, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\lib, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\locale\en-US, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\locale\zh-CN, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\locale, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\skin, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA5P60R8.DEFAULT\EXTENSIONS\DETGDP@GMAIL.COM, In Quarantäne, [11812], [179501],1.0.2893

Datei: 23
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\lib\jquery-2.1.1.min.js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\epurls.js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\inject.js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\js\restart.js, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\content\restartOverlay.xul, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\locale\en-US\restart.dtd, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\locale\zh-CN\restart.dtd, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\skin\icon.png, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\skin\iconsmall.png, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\skin\iconverysmall.png, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome\skin\restartfirefox.css, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\chrome.manifest, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\extensions\detgdp@gmail.com\install.rdf, In Quarantäne, [11812], [179501],1.0.2893
PUP.Optional.SecurityProtection, C:\USERS\JOHANNES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NOAJMLKIPCLMEOLFCNFLKJHIJKIGPFJH.CRX, In Quarantäne, [11812], [242840],1.0.2893
PUP.Optional.DownloadSponsor, C:\USERS\JOHANNES\DOWNLOADS\ANDY ANDROID EMULATOR 64 BIT - CHIP-INSTALLER.EXE, In Quarantäne, [517], [413936],1.0.2893
PUP.Optional.OpenCandy, C:\USERS\JOHANNES\DOWNLOADS\PHOTOSCAPE_V3.6.5.EXE, In Quarantäne, [520], [297667],1.0.2893
PUP.Optional.DownloadGuide, C:\USERS\JOHANNES\DOWNLOADS\TUBEBOX5.EXE, In Quarantäne, [182], [55900],1.0.2893
PUP.Optional.Somoto, C:\USERS\JOHANNES\DOWNLOADS\PDFCREATORSETUP-N7TVMBREP.EXE, In Quarantäne, [366], [301181],1.0.2893
PUP.Optional.SofTonic, C:\USERS\JOHANNES\DOWNLOADS\SOFTONICDOWNLOADER_FUER_MICROSOFT-LIFECAM.EXE, In Quarantäne, [3319], [8262],1.0.2893
PUP.Optional.CoolMirage, C:\USERS\JOHANNES\DOWNLOADS\THE_KOOKS_-_LISTEN_-_DELUXE_EDITION_2014.EXE, In Quarantäne, [6424], [301023],1.0.2893
PUP.Optional.SofTonic, C:\USERS\JOHANNES\DOWNLOADS\SOFTONICDOWNLOADER_FUER_DELICIOUS-EMILY-UND-DIE-TRAUMHOCHZEIT-SAMMLERED.EXE, In Quarantäne, [3319], [8262],1.0.2893

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
die neue frst.txt

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01
durchgeführt von Johannes (Administrator) auf JOHANNES-PC (27-09-2017 00:00:22)
Gestartet von C:\Users\Johannes\Desktop
Geladene Profile: Johannes (Verfügbare Profile: Johannes & Uni & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8069024 2013-11-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6201248 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53649;https=127.0.0.1:53649
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{62DD59A3-AECC-42F1-B257-BDC13679AEF5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84567B36-88A2-4704-894E-0EF333596947}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-24] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-31] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-31] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9ira0lt3.default
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Zotero\Zotero\Profiles\9ira0lt3.default [2017-09-26]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2017-09-22] [ist nicht signiert]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2017-09-22] [ist nicht signiert]
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default [2017-09-26]
FF Extension: (spottster.com) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\com.spottster.addon.firefox@jetpack.xpi [2016-04-27]
FF Extension: (Der Camelizer) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\izer@camelcamelcamel.com.xpi [2017-09-08]
FF Extension: (Zotero) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-09-16]
FF Extension: (Gutscheinaffe) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2017-09-08]
FF Extension: (Adblock Plus) - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\xa5p60r8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-11-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1420131101&from=wpm12311&uid=HGSTXHTS545032A7E380_TMA45C480EH8YM0EH8YMX
CHR Profile: C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default [2017-09-27]
CHR Extension: (Google Präsentationen) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-02]
CHR Extension: (Google Docs) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
CHR Extension: (YouTube) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google-Suche) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-02]
CHR Extension: (Скачать музыку Вконтакте) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hanjiajgnonaobdlklncdjdmpbomlhoa [2017-09-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
CHR Extension: (Citavi Picker) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-29]
CHR Extension: (Google Mail) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-07-04] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-07-04] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-07-04] (BlueStack Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-20] (Dropbox, Inc.)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-01-28] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [204096 2014-01-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310960 2016-10-30] (Overwolf LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ACHTUNG (kein ServiceDLL)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-04] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-04] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-26] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-07] (Vimicro Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [X]
S1 MpKsl72c8e1eb; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C632B318-AEC6-418D-A8E7-88E405E6B684}\MpKsl72c8e1eb.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
S2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-27 00:00 - 2017-09-27 00:04 - 000021817 _____ C:\Users\Johannes\Desktop\FRST.txt
2017-09-26 23:57 - 2017-09-26 23:57 - 000007976 _____ C:\Users\Johannes\Desktop\mbam.txt
2017-09-26 23:05 - 2017-09-26 23:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-26 23:05 - 2017-09-26 23:54 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-26 23:05 - 2017-09-26 23:54 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-26 23:05 - 2017-09-26 23:54 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-26 23:05 - 2017-09-26 23:05 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-26 23:05 - 2017-09-26 23:05 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-26 23:05 - 2017-09-26 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-26 23:05 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-26 23:04 - 2017-09-26 23:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-26 23:04 - 2017-09-26 23:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-26 23:03 - 2017-09-26 23:03 - 068408664 _____ (Malwarebytes ) C:\Users\Johannes\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-26 22:46 - 2017-09-26 22:46 - 008182736 _____ (Malwarebytes) C:\Users\Johannes\Downloads\adwcleaner_7.0.2.1.exe
2017-09-26 21:28 - 2017-09-26 21:34 - 000213164 _____ C:\TDSSKiller.3.1.0.15_26.09.2017_21.28.43_log.txt
2017-09-26 21:28 - 2017-09-26 21:28 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Johannes\Desktop\tdsskiller.exe
2017-09-26 21:27 - 2017-09-26 21:28 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Johannes\Downloads\tdsskiller.exe
2017-09-26 20:54 - 2017-09-26 21:02 - 000076931 _____ C:\Users\Johannes\Downloads\Addition.txt
2017-09-26 20:50 - 2017-09-27 00:00 - 000000000 ____D C:\FRST
2017-09-26 20:50 - 2017-09-26 21:02 - 000069954 _____ C:\Users\Johannes\Downloads\FRST.txt
2017-09-26 20:35 - 2017-09-26 20:50 - 002399744 _____ (Farbar) C:\Users\Johannes\Desktop\FRST64.exe
2017-09-25 11:57 - 2017-09-25 11:57 - 000322469 _____ C:\Users\Johannes\Downloads\006.VG-chapter.pdf
2017-09-24 19:57 - 2017-09-25 10:41 - 000009008 _____ C:\Users\Johannes\Desktop\Kopfschmerztagebuch.xlsx
2017-09-23 10:39 - 2017-09-23 10:39 - 000408444 _____ C:\Users\Johannes\Downloads\9783658139315-c2.pdf
2017-09-23 08:54 - 2017-09-23 08:54 - 000001536 _____ C:\Users\Johannes\Desktop\Bachelorarbeit - Verknüpfung.lnk
2017-09-21 21:58 - 2017-09-21 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-21 15:12 - 2017-09-21 15:12 - 000060438 _____ C:\Users\Johannes\Downloads\STUDIIBescheinigungImmaoU (1).pdf
2017-09-20 18:48 - 2017-09-20 18:48 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-09-20 18:48 - 2017-09-20 18:48 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-09-20 18:48 - 2017-09-20 18:48 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-09-20 18:48 - 2017-09-20 18:48 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-09-18 19:11 - 2017-09-18 19:11 - 001201048 _____ C:\Windows\Minidump\091817-44491-01.dmp
2017-09-18 19:10 - 2017-09-18 19:10 - 537626535 _____ C:\Windows\MEMORY.DMP
2017-09-18 15:32 - 2017-09-18 15:32 - 002378571 _____ C:\Users\Johannes\Downloads\8518.pdf
2017-09-15 21:30 - 2017-09-15 21:30 - 000002613 _____ C:\Users\Johannes\Downloads\ComboFix-quarantined-files.txt
2017-09-15 20:33 - 2017-09-15 20:39 - 008182736 _____ (Malwarebytes) C:\Users\Johannes\Desktop\adwcleaner_7.0.2.1.exe
2017-09-15 20:25 - 2017-09-15 20:25 - 000003250 _____ C:\Windows\System32\Tasks\{18D5BFA1-9370-419A-94F5-CB77D4444E16}
2017-09-15 15:12 - 2017-09-15 15:12 - 000006438 _____ C:\Users\Johannes\Downloads\{397648F0-6BA8-4BC9-B8EC-02A1F0C4C208}.xls
2017-09-14 22:04 - 2017-09-14 22:04 - 000029401 _____ C:\Users\Johannes\Downloads\ComboFix.txt
2017-09-14 21:40 - 2017-09-14 21:40 - 000029401 _____ C:\ComboFix.txt
2017-09-14 21:05 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2017-09-14 21:05 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2017-09-14 21:05 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2017-09-14 21:05 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2017-09-14 20:56 - 2017-09-14 21:05 - 000306107 _____ (Swearware) C:\Users\Johannes\Downloads\Nicht bestätigt 166292.crdownload
2017-09-14 20:54 - 2017-09-14 21:40 - 000000000 ____D C:\Qoobox
2017-09-14 20:53 - 2017-09-14 21:37 - 000000000 ____D C:\Windows\erdnt
2017-09-14 20:47 - 2017-09-14 20:48 - 005660248 ____R (Swearware) C:\Users\Johannes\Downloads\ComboFix.exe
2017-09-13 08:14 - 2017-08-19 17:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 08:14 - 2017-08-16 17:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 08:14 - 2017-08-16 17:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 08:14 - 2017-08-16 16:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 08:14 - 2017-08-16 03:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 08:14 - 2017-08-16 02:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 08:14 - 2017-08-15 17:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 08:14 - 2017-08-15 17:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 08:14 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 08:14 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 08:14 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 08:14 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 08:14 - 2017-08-14 19:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 08:14 - 2017-08-14 19:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 08:14 - 2017-08-13 23:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 08:14 - 2017-08-13 23:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 08:14 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 08:14 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 08:14 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 08:14 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 08:14 - 2017-08-13 18:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-13 08:14 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 08:14 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 08:14 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 08:14 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 08:14 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 08:14 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 08:14 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 08:14 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 08:14 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 08:14 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 08:14 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 08:14 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 08:14 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 08:14 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 08:14 - 2017-08-11 08:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 08:14 - 2017-08-11 08:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 08:14 - 2017-08-11 08:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 08:14 - 2017-08-11 08:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-13 08:14 - 2017-08-11 08:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-13 08:14 - 2017-08-11 08:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 08:14 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 08:14 - 2017-08-11 08:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 08:14 - 2017-08-11 08:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 08:14 - 2017-08-11 08:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 08:14 - 2017-08-11 08:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 08:14 - 2017-08-11 08:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 08:14 - 2017-08-11 08:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 08:14 - 2017-08-11 08:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 08:14 - 2017-08-11 08:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 08:14 - 2017-08-11 07:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 08:14 - 2017-08-11 07:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 08:14 - 2017-07-07 17:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 08:14 - 2017-07-07 17:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-13 08:13 - 2017-08-19 17:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 08:13 - 2017-08-15 17:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 08:13 - 2017-08-15 17:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 08:13 - 2017-08-15 16:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-13 08:13 - 2017-08-13 19:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-13 08:13 - 2017-08-13 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-13 08:13 - 2017-08-13 19:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-13 08:13 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 08:13 - 2017-08-13 19:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-13 08:13 - 2017-08-13 19:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-13 08:13 - 2017-08-13 19:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-13 08:13 - 2017-08-13 18:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-13 08:13 - 2017-08-13 18:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-13 08:13 - 2017-08-13 18:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-13 08:13 - 2017-08-13 18:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-13 08:13 - 2017-08-13 18:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-13 08:13 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 08:13 - 2017-08-13 18:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-13 08:13 - 2017-08-13 18:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-13 08:13 - 2017-08-13 18:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-13 08:13 - 2017-08-13 18:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-13 08:13 - 2017-08-13 18:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-13 08:13 - 2017-08-13 18:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-13 08:13 - 2017-08-13 18:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-13 08:13 - 2017-08-13 18:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-13 08:13 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 08:13 - 2017-08-13 18:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-13 08:13 - 2017-08-13 18:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-13 08:13 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 08:13 - 2017-08-13 18:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-13 08:13 - 2017-08-13 18:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-13 08:13 - 2017-08-13 18:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-13 08:13 - 2017-08-13 18:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-13 08:13 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 08:13 - 2017-08-13 18:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-13 08:13 - 2017-08-13 18:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-13 08:13 - 2017-08-13 18:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-13 08:13 - 2017-08-13 18:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-13 08:13 - 2017-08-13 18:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-13 08:13 - 2017-08-13 18:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-13 08:13 - 2017-08-13 17:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-13 08:13 - 2017-08-13 17:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-13 08:13 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 08:13 - 2017-08-13 17:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-13 08:13 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 08:13 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 08:13 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 08:13 - 2017-08-11 08:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 08:13 - 2017-08-11 08:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 08:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 08:13 - 2017-08-11 08:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 08:13 - 2017-08-11 08:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 08:13 - 2017-08-11 08:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 08:13 - 2017-08-11 08:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 08:13 - 2017-08-11 08:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-13 08:13 - 2017-08-11 08:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 08:13 - 2017-08-11 08:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 08:13 - 2017-08-11 08:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 08:13 - 2017-08-11 08:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 08:13 - 2017-08-11 08:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-13 08:13 - 2017-08-11 08:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-13 08:13 - 2017-08-11 07:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 08:13 - 2017-08-11 07:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 08:13 - 2017-08-11 07:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-13 08:13 - 2017-08-11 07:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-13 08:13 - 2017-08-11 07:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 08:13 - 2017-08-11 07:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-13 08:13 - 2017-08-11 07:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 08:13 - 2017-08-11 07:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 08:13 - 2017-08-11 07:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 08:13 - 2017-08-11 07:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 08:13 - 2017-08-11 07:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 08:13 - 2017-08-11 07:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-12 09:22 - 2017-09-12 09:23 - 000263171 _____ C:\Users\Johannes\Downloads\Bewertung_Motivation.pdf
2017-09-10 14:05 - 2017-09-10 14:06 - 001437807 _____ C:\Users\Johannes\Downloads\8435.pdf
2017-09-08 10:57 - 2017-09-08 10:58 - 006111629 _____ C:\Users\Johannes\Downloads\fileadmin-user_upload-PDF-berichtsbaende-VuMA_2017_Berichtsband.pdf
2017-09-08 09:30 - 2017-09-08 09:31 - 000742603 _____ C:\Users\Johannes\Downloads\PIP_Teens_Games_and_Civics_Report_FINAL.pdf.pdf
2017-09-08 08:50 - 2017-09-08 08:50 - 001024060 _____ C:\Users\Johannes\Downloads\PI_2015-12-15_gaming-and-gamers_FINAL.pdf
2017-09-08 08:26 - 2017-09-08 08:26 - 000003034 _____ C:\Windows\System32\Tasks\{6B76AC51-6F5C-478A-9258-5552981164C2}
2017-09-08 08:26 - 2017-09-08 08:26 - 000003034 _____ C:\Windows\System32\Tasks\{57CC44A5-EFB1-4DA5-B38E-123E221D3461}
2017-09-07 19:18 - 2017-09-18 19:11 - 000000000 ____D C:\Windows\Minidump
2017-09-07 19:18 - 2017-09-07 19:19 - 001256824 _____ C:\Windows\Minidump\090717-44382-01.dmp
2017-09-07 09:58 - 2017-09-23 08:54 - 000000000 ____D C:\Users\Uni\Desktop\6.-7. Semester
2017-09-03 21:35 - 2017-09-04 12:59 - 000000000 ____D C:\Users\Johannes\Documents\Schweden-Krankenhaus
2017-09-01 10:47 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-09-01 10:47 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-09-01 10:47 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-09-01 10:47 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-09-01 10:47 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-01 10:47 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-09-01 10:47 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-09-01 10:46 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-09-01 10:46 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-09-01 10:46 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-09-01 10:46 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-09-01 10:46 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-09-01 10:46 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-09-01 10:46 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-09-01 10:46 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-09-01 10:46 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-09-01 10:46 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-09-01 10:46 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-09-01 10:46 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-09-01 10:46 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-09-01 10:46 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-01 10:46 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-01 10:46 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-09-01 10:46 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-09-01 10:46 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-09-01 10:46 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-09-01 10:46 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-26 23:51 - 2015-06-22 19:15 - 000001214 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-26 23:51 - 2013-11-29 22:55 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-09-26 23:50 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-26 23:42 - 2015-06-22 19:15 - 000001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-26 23:09 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-26 23:09 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-26 22:55 - 2016-05-26 14:33 - 000000000 ____D C:\Program Files (x86)\Zotero Standalone
2017-09-26 22:54 - 2015-01-01 19:03 - 000000000 ____D C:\AdwCleaner
2017-09-26 20:17 - 2013-11-29 22:55 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-09-25 09:53 - 2014-06-22 20:41 - 000000000 ____D C:\Users\Johannes\AppData\Local\Battle.net
2017-09-24 20:51 - 2014-06-22 20:41 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-24 20:17 - 2014-06-22 20:53 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-22 09:52 - 2014-06-18 18:24 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-21 21:58 - 2015-06-22 19:15 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-18 19:10 - 2016-11-16 11:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-18 19:10 - 2013-11-30 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-15 23:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-15 21:24 - 2013-12-15 16:51 - 000056320 ___SH C:\Users\Johannes\Thumbs.db
2017-09-15 21:18 - 2014-11-01 19:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-15 21:10 - 2015-05-26 19:56 - 000000000 ____D C:\ProgramData\Trymedia
2017-09-15 11:52 - 2016-06-25 11:35 - 000000000 ____D C:\Windows\pss
2017-09-15 08:50 - 2014-03-02 20:00 - 000000000 ____D C:\Users\Johannes\Desktop\sortieren
2017-09-14 21:35 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2017-09-14 11:34 - 2010-11-21 08:50 - 000702064 _____ C:\Windows\system32\perfh007.dat
2017-09-14 11:34 - 2010-11-21 08:50 - 000150698 _____ C:\Windows\system32\perfc007.dat
2017-09-14 11:34 - 2009-07-14 07:13 - 001627626 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-14 11:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-14 11:23 - 2009-07-14 06:45 - 000463016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-14 11:14 - 2013-11-29 17:03 - 000000000 ____D C:\Windows\system32\MRT
2017-09-14 11:06 - 2013-11-29 17:03 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-14 10:47 - 2013-11-29 19:08 - 001601906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-12 20:21 - 2013-11-30 14:14 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 20:21 - 2013-11-30 14:14 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 20:21 - 2013-11-30 14:14 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 20:20 - 2013-11-30 14:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 20:20 - 2013-11-30 14:14 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-08 08:30 - 2016-11-16 12:36 - 000000000 ____D C:\Users\Johannes\AppData\LocalLow\Mozilla
2017-09-07 19:46 - 2015-06-22 19:20 - 000000000 ___RD C:\Users\Johannes\Dropbox
2017-09-07 09:56 - 2014-11-05 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-09-07 09:56 - 2013-11-29 23:15 - 000000000 ____D C:\Program Files (x86)\Cisco
2017-09-07 09:55 - 2014-11-05 23:00 - 000000000 ____D C:\ProgramData\Cisco
2017-09-04 21:47 - 2015-05-28 15:46 - 000000000 ____D C:\Users\Johannes\AppData\Roaming\Audacity
2017-08-31 22:27 - 2015-07-03 21:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-31 22:25 - 2016-07-30 20:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-31 20:46 - 2015-04-01 12:32 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-03-13 20:56 - 2017-03-13 20:56 - 000001217 _____ () C:\Users\Johannes\AppData\Local\psppirerc
2017-03-13 20:56 - 2017-03-13 20:56 - 000010850 _____ () C:\Users\Johannes\AppData\Local\recently-used.xbel
2013-11-29 23:36 - 2013-11-29 23:37 - 000002205 _____ () C:\Users\Johannes\AppData\Local\WiDiSetupLog.20131129.223618.txt
2014-11-09 14:25 - 2014-11-09 14:25 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-11-14 18:52 - 2015-11-14 18:52 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
2017-09-15 20:23 - 2017-09-15 20:24 - 000740416 _____ (Oracle Corporation) C:\Users\Johannes\AppData\Local\Temp\jre-8u144-windows-au.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-02-13 15:16

==================== Ende von FRST.txt ============================
         

Alt 27.09.2017, 00:16   #9
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



die neue addition.txt:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
durchgeführt von Johannes (27-09-2017 00:07:19)
Gestartet von C:\Users\Johannes\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-29 20:39:35)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3713904842-3737894215-1530784781-500 - Administrator - Disabled)
Gast (S-1-5-21-3713904842-3737894215-1530784781-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3713904842-3737894215-1530784781-1002 - Limited - Enabled)
Johannes (S-1-5-21-3713904842-3737894215-1530784781-1000 - Administrator - Enabled) => C:\Users\Johannes
Uni (S-1-5-21-3713904842-3737894215-1530784781-1003 - Administrator - Enabled) => C:\Users\Uni

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{169BAE78-A355-48F1-9A62-39F44804CE29}) (Version: 3.3.42.70280 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.42.70280 - Alcor Micro Corp.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.37.6239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.01044 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{D0D55FBB-BF2B-4B0D-9D0E-A4A0E1DB5DDF}) (Version: 4.5.01044 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.2.0.8 - Swiss Academic Software)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
Double Pack Burger Shop Deluxe (HKLM-x32\...\e868d14d921fe32308758a4cb836a5e2) (Version:  - Zylom)
Double Pack Burger Shop Deluxe (HKLM-x32\...\fb6b3d6a15f43a4190e1dbbde9562faf) (Version:  - Zylom)
Double Pack Delicious Deluxe (HKLM-x32\...\1cc19516e92a6f56c7aded5e04cdc19c) (Version:  - Zylom)
Dropbox (HKLM-x32\...\Dropbox) (Version: 35.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DX-Ball 1.09 (HKLM-x32\...\DX-Ball 1.09) (Version:  - )
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
GoGear SA5MXX_V2 Device Manager (HKLM-x32\...\{4BFC5335-CE8C-4F4E-A2E6-8B07CF599D10}) (Version: 1.00 - Ihr Firmenname)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.26.00.06 - Huawei Technologies Co.,Ltd)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Inquisit 4 Web Player (HKLM\...\{E8620E4B-8567-4E07-8CDB-8432054BD5B2}) (Version: 4.0.8.0 - Millisecond Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.99.11.0 - Overwolf Ltd.)
PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PokeMMO (HKLM-x32\...\PokeMMO_is1) (Version:  - PokeMMO)
PSPP (HKLM-x32\...\PSPP) (Version: 0.10.4 - Free Software Foundation, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3520 series Produkten (HKLM\...\{A5BB6A58-BC1A-48A7-BB19-1768A80CF9C9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Supermarket Mania(R) 2 (HKLM-x32\...\be45c0c959302115103bb04dd55d7f0e) (Version:  - Zylom)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VMware Player (HKLM\...\{537B7F85-2B95-44ED-8D90-765F6F36D666}) (Version: 12.1.1 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.3.00000 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-07] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0011450F-3B9E-4BA8-8068-5D9B77FDAA71} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {19D2B353-6DBC-4BF1-9CD1-CCE09B2AA089} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-10-30] (Overwolf LTD)
Task: {1F233AE9-CB44-42FA-B08C-92DE4EE4130B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {2326A950-472A-4873-BA62-B7126E35C731} - System32\Tasks\{57CC44A5-EFB1-4DA5-B38E-123E221D3461} => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2017-07-22] (Cisco Systems, Inc.)
Task: {32A9273B-7018-419C-BEA4-6F00442F2364} - System32\Tasks\{D98EF6B9-006A-4E46-AE6D-841589A58BBD} => C:\Users\Johannes\Downloads\Hearthstone Deck Tracker.exe [2015-11-12] (Epix)
Task: {3E17BFD9-E7AB-4F29-9951-694035CF64B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-24] (Microsoft Corporation)
Task: {49E38F27-DA06-4241-BFCE-4B874079CC2C} - System32\Tasks\{C72AD2AA-8132-4720-AED8-A13A3710BE2C} => C:\Users\Johannes\Downloads\Hearthstone Deck Tracker.exe [2015-11-12] (Epix)
Task: {5C0E729D-17DB-4BB6-9819-219E7CA3B097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5CF595C5-EC47-4EFB-A448-DBDA0CB6F349} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {78100506-D6F0-47D6-B9A0-E30F7576D5CC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {7DC8FC9A-121E-4047-A5CE-233B2F337EF8} - System32\Tasks\{18D5BFA1-9370-419A-94F5-CB77D4444E16} => C:\Windows\system32\pcalua.exe -a C:\Users\Johannes\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {7E21310E-E574-4DBF-8786-A9DD25170256} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-24] (Microsoft Corporation)
Task: {8C7BF1D8-13C3-45A6-B59D-8CC4B03D5717} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {9FB0CB49-71DF-4DE8-B8D2-2DDF5E168A3D} - System32\Tasks\HP AR Program Upload - 4811cd8c08034312991abe64220277c5d82e076025cd4736a335bd16fbaf2628 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A4FD7AE3-9CF3-4FD5-ABC1-24003A89FB6F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {ACAC9E37-F929-49A4-986D-9ADCB19D208D} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B89594A6-E027-40E5-99F8-EB797F9CACCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {BDD8A54F-25B3-45EA-8C43-D042CC917581} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {C78AD151-7E42-44E5-9BE5-447C7980A9C5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {C95DB26F-297B-4528-AE97-D9A63BF9ED6C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {D7531752-9CBA-4560-A655-A04B4A62CB85} - System32\Tasks\HP AR Program Upload - 54ff7944da244accb89631a69a7866c840937d2dbc8e4020bd676cfb7120f1bd => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DCB63D9B-A754-437D-8452-69B35390A753} - System32\Tasks\{6B76AC51-6F5C-478A-9258-5552981164C2} => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2017-07-22] (Cisco Systems, Inc.)
Task: {EC17B2BB-016F-408F-B694-C8A778861080} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-24] (Microsoft Corporation)
Task: {F9D72BFD-5D5E-4FE9-93D8-9374F121C642} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2008-12-20 04:20 - 2013-11-29 23:23 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-01-04 19:46 - 2013-11-29 23:23 - 001496480 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 04:20 - 2013-11-29 23:23 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-11-29 22:59 - 2012-02-17 02:21 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-08-21 16:52 - 2014-01-28 09:44 - 000137024 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2016-08-21 16:52 - 2014-01-28 09:44 - 000204096 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2013-11-29 22:55 - 2011-12-16 06:37 - 000128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2017-09-26 23:05 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-22 14:18 - 2017-07-22 14:18 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-07-22 14:18 - 2017-07-22 14:18 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-07-22 14:18 - 2017-07-22 14:18 - 000106496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc140-mt-1_59.dll
2017-07-22 14:18 - 2017-07-22 14:18 - 000042496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_chrono-vc140-mt-1_59.dll
2017-07-22 14:18 - 2017-07-22 14:18 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 002603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 21:15 - 2011-08-15 21:15 - 000382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 17:41 - 2011-08-17 17:41 - 000400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 000322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 14:29 - 2011-11-25 14:29 - 000015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 001006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 000195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 20:23 - 2011-08-15 20:23 - 000062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 14:28 - 2011-11-25 14:28 - 000484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 14:42 - 2011-11-25 14:42 - 000499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 14:26 - 2011-11-25 14:26 - 000013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2017-09-21 21:57 - 2017-09-20 18:48 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-21 21:57 - 2017-09-20 18:48 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 21:57 - 2017-09-20 18:49 - 000023872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_bootstrap.dll
2017-09-21 21:58 - 2017-09-20 18:48 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-21 21:58 - 2017-09-20 18:48 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-21 21:58 - 2017-09-20 18:50 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-21 21:58 - 2017-09-20 18:48 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-21 21:58 - 2017-09-20 18:50 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-21 21:57 - 2017-09-20 18:48 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-21 21:57 - 2017-09-20 18:49 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-21 21:58 - 2017-09-20 18:50 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-21 21:57 - 2017-09-20 18:49 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-21 21:57 - 2017-09-20 18:49 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-21 21:58 - 2017-09-20 18:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-21 21:57 - 2017-09-20 18:50 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-09-14 12:41 - 2017-09-14 12:41 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f203ecbdc8e8f4f836e1627efb89f9ae\IsdiInterop.ni.dll
2013-11-29 22:50 - 2011-11-29 21:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-29 22:54 - 2011-12-16 04:39 - 001198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Johannes\Documents\Fragenbogen_Armoneit_Burk_LeHuyen_Reber_Stein.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Johannes\Documents\Hausaufgabe Gruppe 3.docx:com.dropbox.attributes [256]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA5MXX_V2 Device Manager.lnk => C:\Windows\pss\Philips GoGear SA5MXX_V2 Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Johannes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Johannes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\HiSuite\HiSuite.exe -s
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\\OverwolfLauncher.exe -overwolfsilent
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{D1D038FA-8CFB-4AC8-B18A-2741F348B3BD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4C00D526-F816-47DC-AD08-A6E4E17CA5B6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{A4E737D5-61C4-4D2B-B3BE-6FA6171793FB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DEA6A6E3-8C50-494D-88A4-C10C034028A7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

15-09-2017 21:16:56 TubeBox
17-09-2017 17:44:09 Windows Update
20-09-2017 18:44:21 Windows Update
23-09-2017 21:31:42 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: MpKsl72c8e1eb
Description: MpKsl72c8e1eb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl72c8e1eb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Bridge Protocol
Description: VMware Bridge Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VMnetBridge
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Network Application Interface
Description: VMware Network Application Interface
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VMnetuserif
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware vmx86
Description: VMware vmx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vmx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware hcmon
Description: VMware hcmon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hcmon
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/26/2017 11:56:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7601.23755 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cd8

Startzeit: 01d33711cda31e6f

Endzeit: 78

Anwendungspfad: C:\Windows\System32\rundll32.exe

Berichts-ID:

Error: (09/26/2017 11:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (09/26/2017 10:57:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (09/26/2017 09:55:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3136

Error: (09/26/2017 09:55:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3136

Error: (09/26/2017 09:55:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2017 09:55:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2122

Error: (09/26/2017 09:55:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2122

Error: (09/26/2017 09:55:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2017 09:55:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


Systemfehler:
=============
Error: (09/26/2017 11:58:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (09/26/2017 11:53:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (09/26/2017 11:53:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde mit folgendem Fehler beendet: 
%%-2147196306

Error: (09/26/2017 11:53:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "VMware DHCP Service" ist vom Dienst "VMware Network Application Interface" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Das System kann die angegebene Datei nicht finden.

Error: (09/26/2017 11:53:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "VMware NAT Service" ist vom Dienst "VMware Network Application Interface" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Das System kann die angegebene Datei nicht finden.

Error: (09/26/2017 11:53:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VMware Network Application Interface" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (09/26/2017 11:53:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "VMware Authorization Service" ist vom Dienst "VMware vmx86" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Das System kann die angegebene Datei nicht finden.

Error: (09/26/2017 11:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (09/26/2017 11:52:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Klick-und-Los-Dienst erreicht.

Error: (09/26/2017 11:51:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Log Rotator Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3941.37 MB
Verfügbarer physikalischer RAM: 1695.82 MB
Summe virtueller Speicher: 7880.92 MB
Verfügbarer virtueller Speicher: 5533.84 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.87 GB) (Free:31.96 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C3FFC3FF)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 27.09.2017, 22:12   #10
M-K-D-B
/// TB-Ausbilder
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Servus,



kennst du diese Chrome Erweiterung?
Скачать музыку Вконтакте >>> hanjiajgnonaobdlklncdjdmpbomlhoa
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 28.09.2017, 17:58   #11
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Hallo!
Ja der erste Teil sagt mir was. Ich brauche die aber eigentlich nicht mehr. Könnte das der Auslöser für meine Probleme sein?
LG

Alt 28.09.2017, 22:32   #12
M-K-D-B
/// TB-Ausbilder
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Servus,



ich glaube nicht, dass es der Auslöser ist. Bei solchen russischen Namen bin ich immer etwas vorsichtig...






wir entfernen noch ein bisschen was und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.





Schritt 1
  • Kopiere den Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:53649;https=127.0.0.1:53649
    CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1420131101&from=wpm12311&uid=HGSTXHTS545032A7E380_TMA45C480EH8YM0EH8YMX
    CMD: dir "%ProgramFiles%"
    CMD: dir "%ProgramFiles(x86)%"
    CMD: dir "%ProgramData%"
    CMD: dir "%Appdata%"
    CMD: dir "%LocalAppdata%"
    CMD: dir "%CommonProgramFiles(x86)%"
    CMD: dir "%CommonProgramW6432%"
    CMD: dir "%UserProfile%"
    CMD: dir "C:\"
    ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    End::
             
  • Starte nun FRST und klicke den Entfernen Button.
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
  • Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.





Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 3
Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)
  • Starte die Installationsdatei.
  • Akzeptiere die Nutzungsbedingungen.
  • Wähle Erkennung evtl. unerwünschter Anwendungen aktivieren aus und klicke auf Scannen.
  • Zuerst werden die notwendigen Signaturen heruntergeladen, anschließend startet ESET automatisch den Suchlauf.
  • Am Ende des Suchlaufs werden gegebenenfalls die gefundenen Elemente aufgelistet.
  • Wähle In Textdatei speichern... aus und speichere die Datei als eset.txt auf deinem Desktop ab.
  • Füge den Inhalt der eset.txt mit deiner nächsten Antwort hinzu.
  • Sollte ESET nichts finden, so kann auch keine Logdatei erstellt werden. Teile uns das dann unbedingt mit.
  • Schließe den ESET Online Scanner rechts oben [ X ] und klicke anschließend auf Schließen.





Schritt 4
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.







Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 30.09.2017, 15:54   #13
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



fixlog.txt:

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
durchgeführt von Johannes (30-09-2017 14:59:07) Run:1
Gestartet von C:\Users\Johannes\Desktop
Geladene Profile: Johannes (Verfügbare Profile: Johannes & Uni & Gast)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53649;https=127.0.0.1:53649
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1420131101&from=wpm12311&uid=HGSTXHTS545032A7E380_TMA45C480EH8YM0EH8YMX
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Wert erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert erfolgreich entfernt
Chrome HomePage => erfolgreich entfernt

========= dir "%ProgramFiles%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Program Files

26.09.2017  23:04    <DIR>          .
26.09.2017  23:04    <DIR>          ..
12.07.2016  22:59    <DIR>          Bonjour
30.11.2013  14:23    <DIR>          CDBurnerXP
10.08.2016  14:03    <DIR>          Common Files
29.11.2013  23:24    <DIR>          DIFX
24.11.2014  23:11    <DIR>          dm
17.03.2017  08:21    <DIR>          DVD Maker
09.11.2014  14:27    <DIR>          HP
29.11.2013  23:16    <DIR>          Intel
14.09.2017  11:16    <DIR>          Internet Explorer
29.11.2013  23:24    <DIR>          Lenovo
26.09.2017  23:04    <DIR>          Malwarebytes
21.11.2010  09:00    <DIR>          Microsoft Games
26.02.2016  16:28    <DIR>          Microsoft Office 15
02.12.2016  10:52    <DIR>          Microsoft Security Client
14.07.2009  07:32    <DIR>          MSBuild
04.02.2016  19:43    <DIR>          OBS
29.11.2013  23:07    <DIR>          Realtek
14.07.2009  07:32    <DIR>          Reference Assemblies
29.11.2013  23:18    <DIR>          Synaptics
29.11.2013  18:41    <DIR>          Windows Defender
21.11.2010  08:50    <DIR>          Windows Mail
13.10.2016  18:20    <DIR>          Windows Media Player
29.11.2013  22:39    <DIR>          Windows NT
21.11.2010  08:50    <DIR>          Windows Photo Viewer
21.11.2010  05:31    <DIR>          Windows Portable Devices
21.11.2010  08:50    <DIR>          Windows Sidebar
               0 Datei(en),              0 Bytes
              28 Verzeichnis(se), 33.597.931.520 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Program Files (x86)

15.09.2017  21:18    <DIR>          .
15.09.2017  21:18    <DIR>          ..
08.02.2015  17:23    <DIR>          7-Zip
30.07.2016  20:09    <DIR>          Adobe
29.11.2013  23:13    <DIR>          AmIcoSingLun
28.05.2015  15:46    <DIR>          Audacity
27.09.2017  07:17    <DIR>          Battle.net
12.07.2016  23:39    <DIR>          Bluestacks
12.07.2016  22:59    <DIR>          Bonjour
07.09.2017  09:56    <DIR>          Cisco
03.11.2015  15:04    <DIR>          Citavi 5
14.09.2017  21:26    <DIR>          Common Files
21.09.2017  21:58    <DIR>          Dropbox
05.12.2013  22:16    <DIR>          DVDVideoSoft
24.01.2017  20:18    <DIR>          DX-Ball
07.03.2015  21:43    <DIR>          Electronic Arts
18.06.2014  18:24    <DIR>          Google
24.09.2017  20:17    <DIR>          Hearthstone
26.11.2015  19:10    <DIR>          HearthstoneTracker
31.08.2017  20:46    <DIR>          Heroes of the Storm
21.08.2016  16:52    <DIR>          HiSuite
09.11.2014  14:28    <DIR>          HP
09.11.2014  14:29    <DIR>          HP Photo Creations
29.11.2013  19:19    <DIR>          Intel
14.09.2017  11:16    <DIR>          Internet Explorer
31.08.2016  23:32    <DIR>          Java
30.11.2013  14:17    <DIR>          K-Lite Codec Pack
29.11.2013  23:24    <DIR>          Lenovo
15.09.2017  22:21    <DIR>          Microsoft
24.06.2016  07:33    <DIR>          Microsoft Office
26.02.2016  16:41    <DIR>          Microsoft OneDrive
02.12.2016  10:52    <DIR>          Microsoft Security Client
02.03.2014  17:09    <DIR>          Microsoft SQL Server Compact Edition
07.03.2015  21:43    <DIR>          Microsoft WSE
26.02.2016  16:39    <DIR>          Microsoft.NET
18.09.2017  19:10    <DIR>          Mozilla Firefox
18.09.2017  19:10    <DIR>          Mozilla Maintenance Service
03.06.2015  21:50    <DIR>          Mozilla Thunderbird
14.07.2009  07:32    <DIR>          MSBuild
04.02.2016  19:43    <DIR>          OBS
30.11.2013  14:23    <DIR>          OpenOffice 4
07.11.2016  23:20    <DIR>          Overwolf
10.08.2016  16:03    <DIR>          OXXOGames
10.11.2015  20:25    <DIR>          PDF24
03.09.2015  14:04    <DIR>          Philips
30.11.2013  15:30    <DIR>          PhotoScape
01.02.2017  13:41    <DIR>          PSPP
20.02.2014  21:47    <DIR>          RealArcade
29.11.2013  23:06    <DIR>          Realtek
14.07.2009  07:32    <DIR>          Reference Assemblies
03.06.2017  19:58    <DIR>          Skype
08.12.2016  12:35    <DIR>          StarCraft II
13.08.2015  14:16    <DIR>          Steam
29.11.2013  23:20    <DIR>          USB Camera
30.11.2013  14:16    <DIR>          VideoLAN
29.11.2013  23:20    <DIR>          Vimicro
10.08.2016  14:03    <DIR>          VMware
29.11.2013  18:41    <DIR>          Windows Defender
01.09.2016  20:14    <DIR>          Windows Live
21.11.2010  08:50    <DIR>          Windows Mail
13.10.2016  18:20    <DIR>          Windows Media Player
14.07.2009  07:32    <DIR>          Windows NT
21.11.2010  08:50    <DIR>          Windows Photo Viewer
21.11.2010  05:31    <DIR>          Windows Portable Devices
21.11.2010  08:50    <DIR>          Windows Sidebar
08.12.2016  12:35    <DIR>          World of Warcraft
26.09.2017  22:55    <DIR>          Zotero Standalone
               0 Datei(en),              0 Bytes
              67 Verzeichnis(se), 33.597.890.560 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramData%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\ProgramData

26.09.2017  23:04    <DIR>          .
26.09.2017  23:04    <DIR>          ..
16.03.2016  22:36    <DIR>          .mono
30.07.2016  20:08    <DIR>          Adobe
09.11.2014  14:25                57 Ament.ini
29.11.2013  23:13    <DIR>          AmUStor
12.07.2016  22:59    <DIR>          Apple
05.01.2017  18:47    <DIR>          Ashampoo
18.02.2016  14:41    <DIR>          Battle.net
21.09.2015  22:17    <DIR>          Blizzard Entertainment
12.07.2016  23:39    <DIR>          Bluestacks
01.08.2016  23:02    <DIR>          BlueStacksSetup
07.09.2017  09:55    <DIR>          Cisco
20.06.2015  20:05    <DIR>          com.gamehouse.acid
29.11.2013  23:23    <DIR>          Downloaded Installations
22.06.2015  19:15    <DIR>          Dropbox
07.03.2015  21:45    <DIR>          Electronic Arts
31.03.2014  14:44    <DIR>          Energy Management
21.12.2014  23:52    <DIR>          GameHouse
22.02.2014  21:13    <DIR>          GoBit Games
21.08.2016  16:52    <DIR>          HandSetService
20.10.2014  19:06    <DIR>          Hewlett-Packard
21.08.2016  16:52    <DIR>          HiSuiteOuc
09.11.2014  14:27    <DIR>          HP
09.11.2014  14:29    <DIR>          HP Photo Creations
05.12.2014  15:38    <DIR>          hps
29.11.2013  23:15    <DIR>          Intel
21.12.2014  23:52    <DIR>          Intenium
26.09.2017  23:04    <DIR>          Malwarebytes
26.02.2016  16:41    <DIR>          Microsoft OneDrive
14.11.2015  18:52                98 Microsoft.SqlServer.Compact.400.32.bc
30.11.2013  14:31    <DIR>          Mozilla
31.08.2016  23:34    <DIR>          Oracle
08.11.2016  11:47    <DIR>          Overwolf
15.09.2017  21:18    <DIR>          Package Cache
24.06.2016  12:10    <DIR>          regid.1991-06.com.microsoft
29.11.2013  23:16    <DIR>          Roaming
03.06.2017  19:58    <DIR>          Skype
03.11.2015  15:06    <DIR>          Swiss Academic Software
17.10.2016  15:37    <DIR>          tmp
15.09.2017  21:10    <DIR>          Trymedia
09.11.2014  14:29    <DIR>          Visan
10.08.2016  14:03    <DIR>          VMware
               2 Datei(en),            155 Bytes
              41 Verzeichnis(se), 33.597.837.312 Bytes frei

========= Ende von CMD: =========


========= dir "%Appdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Users\Johannes\AppData\Roaming

26.02.2017  20:06    <DIR>          .
26.02.2017  20:06    <DIR>          ..
16.03.2016  22:36    <DIR>          .mono
29.12.2013  15:29    <DIR>          Adobe
12.07.2016  23:31    <DIR>          Andy
04.09.2017  21:47    <DIR>          Audacity
15.07.2016  07:16    <DIR>          Battle.net
30.11.2013  14:23    <DIR>          Canneverbe Limited
01.11.2014  19:56    <DIR>          dlg
22.06.2015  19:17    <DIR>          Dropbox
05.12.2013  22:17    <DIR>          DVDVideoSoft
30.01.2017  17:04    <DIR>          GalileoPress
10.06.2017  23:13    <DIR>          HearthstoneDeckTracker
30.10.2015  12:11    <DIR>          hps-install
21.06.2017  18:55    <DIR>          HpUpdate
29.11.2013  22:40    <DIR>          Identities
29.11.2013  22:50    <DIR>          InstallShield
29.11.2013  23:16    <DIR>          Intel
29.11.2013  22:51    <DIR>          Intel Corporation
21.12.2014  23:52    <DIR>          Intenium
30.11.2013  14:26    <DIR>          Macromedia
21.11.2010  09:00    <DIR>          Media Center Programs
25.06.2015  11:33    <DIR>          Millisecond Software
30.11.2013  14:32    <DIR>          Mozilla
09.02.2017  17:42    <DIR>          OBS
30.11.2013  14:44    <DIR>          OpenOffice
03.09.2015  14:05    <DIR>          Philips
19.02.2014  23:45    <DIR>          PhotoScape
31.08.2016  23:51    <DIR>          PokeMMO
20.07.2017  08:13    <DIR>          Skype
26.02.2017  20:05    <DIR>          Sparda
26.02.2017  20:11    <DIR>          SpardaSecureApp
30.09.2017  14:56    <DIR>          Spotify
31.08.2016  23:34    <DIR>          Sun
18.02.2014  19:11    <DIR>          Supermarket Mania 2
03.11.2015  19:46    <DIR>          Swiss Academic Software
09.04.2014  15:40    <DIR>          temp
09.03.2014  17:17    <DIR>          Thunderbird
30.03.2016  23:27    <DIR>          TS3Client
26.02.2017  20:05    <DIR>          UninstallData
31.05.2017  22:41    <DIR>          vlc
31.07.2016  20:15    <DIR>          VMware
18.02.2014  19:05    <DIR>          WinRAR
26.05.2016  14:33    <DIR>          Zotero
               0 Datei(en),              0 Bytes
              44 Verzeichnis(se), 33.597.771.776 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Users\Johannes\AppData\Local

29.09.2017  20:41    <DIR>          .
29.09.2017  20:41    <DIR>          ..
10.08.2016  23:55    <DIR>          Adobe
27.09.2017  08:08    <DIR>          Battle.net
22.06.2014  21:03    <DIR>          Blizzard
22.06.2014  20:41    <DIR>          Blizzard Entertainment
12.07.2016  23:38    <DIR>          Bluestacks
09.08.2015  17:35    <DIR>          CEF
05.11.2014  23:00    <DIR>          Cisco
20.06.2015  20:15    <DIR>          com.gamehouse.acid
26.11.2015  22:08    <DIR>          Diagnostics
03.11.2015  15:02    <DIR>          Downloaded Installations
12.06.2017  22:31    <DIR>          Dropbox
26.11.2015  22:11    <DIR>          Epix
01.11.2014  19:57    <DIR>          Freetec
13.12.2016  10:17           118.120 GDIPFONTCACHEV1.DAT
26.03.2017  20:14    <DIR>          Google
15.02.2017  20:13    <DIR>          gtk-3.0
15.02.2017  21:30    <DIR>          HearthSim
14.11.2015  18:52    <DIR>          HearthstoneTracker
21.08.2016  16:52    <DIR>          HiSuite
09.11.2014  14:56    <DIR>          HP
30.11.2013  15:10    <DIR>          Macromedia
26.02.2017  19:12    <DIR>          Microsoft
09.11.2015  00:12    <DIR>          Microsoft Games
17.04.2017  14:19    <DIR>          Microsoft Help
21.12.2013  16:00    <DIR>          Mozilla
16.09.2015  21:26    <DIR>          netz
24.05.2017  17:01    <DIR>          Overwolf
10.11.2015  20:26    <DIR>          PDF24
30.11.2013  14:17    <DIR>          Programs
13.03.2017  20:56             1.217 psppirerc
13.03.2017  20:56            10.850 recently-used.xbel
29.09.2017  21:55    <DIR>          Spotify
30.03.2015  17:20    <DIR>          Steam
23.02.2016  22:57    <DIR>          TeamSpeak 3 Client
30.09.2017  14:59    <DIR>          Temp
03.06.2015  21:53    <DIR>          Thunderbird
01.11.2014  19:58    <DIR>          TubeBox
27.06.2015  13:01    <DIR>          VirtualStore
29.11.2013  23:37             2.205 WiDiSetupLog.20131129.223618.txt
01.09.2016  21:45    <DIR>          Windows Live
26.05.2016  14:33    <DIR>          Zotero
               4 Datei(en),        132.392 Bytes
              39 Verzeichnis(se), 33.597.509.632 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Program Files (x86)\Common Files

14.09.2017  21:26    <DIR>          .
14.09.2017  21:26    <DIR>          ..
30.07.2016  20:09    <DIR>          Adobe
21.09.2015  22:18    <DIR>          Blizzard Entertainment
24.06.2016  12:08    <DIR>          DESIGNER
05.12.2013  22:16    <DIR>          DVDVideoSoft
29.11.2013  23:04    <DIR>          InstallShield
29.11.2013  22:59    <DIR>          Intel
29.11.2013  22:55    <DIR>          Intel Corporation
31.08.2016  23:34    <DIR>          Java
24.06.2016  12:08    <DIR>          microsoft shared
07.11.2016  23:15    <DIR>          Overwolf
29.11.2013  22:54    <DIR>          postureAgent
14.07.2009  05:20    <DIR>          Services
03.06.2017  19:58    <DIR>          Skype
14.07.2009  05:20    <DIR>          SpeechEngines
30.03.2015  17:20    <DIR>          Steam
29.11.2013  18:41    <DIR>          System
12.07.2016  23:00    <DIR>          ThinPrint
12.07.2016  23:00    <DIR>          VMware
02.03.2014  17:05    <DIR>          Windows Live
               0 Datei(en),              0 Bytes
              21 Verzeichnis(se), 33.597.452.288 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramW6432%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Program Files\Common Files

10.08.2016  14:03    <DIR>          .
10.08.2016  14:03    <DIR>          ..
29.11.2013  23:15    <DIR>          Intel
26.02.2016  16:02    <DIR>          Microsoft Shared
14.07.2009  05:20    <DIR>          Services
14.07.2009  05:20    <DIR>          SpeechEngines
29.11.2013  18:41    <DIR>          System
               0 Datei(en),              0 Bytes
               7 Verzeichnis(se), 33.597.390.848 Bytes frei

========= Ende von CMD: =========


========= dir "%UserProfile%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\Users\Johannes

01.02.2017  13:41    <DIR>          .
01.02.2017  13:41    <DIR>          ..
12.07.2016  23:22    <DIR>          .android
26.10.2016  09:41    <DIR>          .cisco
13.03.2017  19:29    <DIR>          .dbus-keyrings
31.08.2016  23:34    <DIR>          .oracle_jre_usage
29.11.2013  23:02                 0 agent.log
12.07.2016  22:55    <DIR>          Andy
14.09.2017  11:26    <DIR>          Contacts
30.09.2017  14:59    <DIR>          Desktop
14.09.2017  11:26    <DIR>          Documents
26.09.2017  23:59    <DIR>          Downloads
07.09.2017  19:46    <DIR>          Dropbox
14.09.2017  11:26    <DIR>          Favorites
08.12.2013  16:01        43.590.569 foto_friend.flv
21.12.2013  17:49         1.396.679 hohohohoho.flv
14.09.2017  11:26    <DIR>          Links
14.09.2017  11:26    <DIR>          Music
14.09.2017  11:26    <DIR>          Pictures
13.03.2017  20:56             6.945 pspp.jnl
05.12.2014  15:51    <DIR>          restore
29.11.2013  23:16    <DIR>          Roaming
14.09.2017  11:26    <DIR>          Saved Games
14.09.2017  11:26    <DIR>          Searches
05.01.2016  17:35    <DIR>          Tracing
21.12.2013  17:38         1.233.832 trolololol.flv
25.01.2016  17:47           429.771 Unbenannt.PNG
14.09.2017  11:26    <DIR>          Videos
               6 Datei(en),     46.657.796 Bytes
              22 Verzeichnis(se), 33.597.337.600 Bytes frei

========= Ende von CMD: =========


========= dir "C:\" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 904C-80B8

 Verzeichnis von C:\

12.02.2016  09:54    <DIR>          3a569c0c1bf26f571d1d09
11.02.2015  12:41    <DIR>          66ffab1f5b93baefd566c5b35d0a42
26.09.2017  22:54    <DIR>          AdwCleaner
10.12.2014  10:47    <DIR>          bb5fedeb2f530fcb88b4146c
14.09.2017  21:40            29.401 ComboFix.txt
30.09.2017  14:59    <DIR>          FRST
29.11.2013  22:58    <DIR>          Intel
13.02.2014  19:38    <DIR>          output
14.07.2009  05:20    <DIR>          PerfLogs
26.09.2017  23:04    <DIR>          Program Files
15.09.2017  21:18    <DIR>          Program Files (x86)
26.09.2017  23:04    <DIR>          ProgramData
14.09.2017  21:40    <DIR>          Qoobox
29.11.2013  22:39    <DIR>          Recovery
26.09.2017  21:34           213.164 TDSSKiller.3.1.0.15_26.09.2017_21.28.43_log.txt
12.10.2014  12:51    <DIR>          Users
27.09.2017  00:12    <DIR>          Windows
20.06.2015  20:13    <DIR>          Zylom Games
               2 Datei(en),        242.565 Bytes
              16 Verzeichnis(se), 33.597.272.064 Bytes frei

========= Ende von CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]

=== Ende von ExportKey ===

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Wert erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3713904842-3737894215-1530784781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21102709 B
Java, Flash, Steam htmlcache => 29505799 B
Windows/system/drivers => 10606395 B
Edge => 0 B
Chrome => 642410260 B
Firefox => 426249032 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 1841168 B
LocalService => 0 B
NetworkService => 133721237 B
Johannes => 183808826 B
Uni => 10090604 B
Gast => 67242 B

RecycleBin => 13736 B
EmptyTemp: => 1.4 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:15:25 ====
         
Hier die Logdatei von HitmanPro: (Schritt 3 und 4 mache ich heute abend, also nicht wundern, falls jetzt erstmal nichts kommt)

Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : JOHANNES-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Johannes-PC\Johannes
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-09-30 15:32:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 19m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 4

   Objects scanned . . . : 2.253.994
   Files scanned . . . . : 89.696
   Remnants scanned  . . : 642.775 files / 1.521.523 keys

Malware _____________________________________________________________________

   C:\Users\Johannes\Downloads\ComboFix.exe
      Size . . . . . . . : 5.660.248 bytes
      Age  . . . . . . . : 15.8 days (2017-09-14 20:47:17)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 7A9F705506F29AF83C9D2C89FD379A62A65AA6331E26D805B7B6817CE1E2CFC8
      Product  . . . . . : ComboFix
      Publisher  . . . . : Swearware
      Description  . . . : ComboFix NSIS Installer
      Version  . . . . . : 17.09.14.01
      Copyright  . . . . : sUBs
      LanguageID . . . . : 1033
    > HitmanPro  . . . . : App/NirCmd-Gen
      Fuzzy  . . . . . . : 104.0

   C:\Users\Johannes\Downloads\Open Broadcaster Software - CHIP-Installer.exe
      Size . . . . . . . : 1.466.656 bytes
      Age  . . . . . . . : 603.8 days (2016-02-04 19:41:10)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : E38D8FB341ACCC96D177FD1409387DBEBA0701024972CDF3204F53F792679915
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.DownloadSponsor.pj
      Fuzzy  . . . . . . : 103.0

   C:\Users\Johannes\Downloads\PDF24 Creator - CHIP-Installer.exe
      Size . . . . . . . : 1.466.656 bytes
      Age  . . . . . . . : 689.8 days (2015-11-10 20:23:09)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : E620945188407EF99186D2B558337CF617C3DD89973E341032A08B056D4AD85B
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.DownloadSponsor.pg
      Fuzzy  . . . . . . : 103.0


Suspicious files ____________________________________________________________

   C:\Users\Johannes\Desktop\FRST64.exe
      Size . . . . . . . : 2.399.744 bytes
      Age  . . . . . . . : 3.8 days (2017-09-26 20:35:00)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 17565A79D28CC2D1BA114F810C5FB1FD6EAA01A932D9B9C32F2358BCC68AA6C6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         

Alt 30.09.2017, 21:26   #14
M-K-D-B
/// TB-Ausbilder
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Ok, gut gemacht bisher.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 01.10.2017, 15:30   #15
welcome77
 
Combofix-Log-Auswertung für Neuling - Standard

Combofix-Log-Auswertung für Neuling



Hallo!
Ich bin jetzt nach fast 20 h endlich fertig mit dem Scan mit Eset. Ich habe jetzt die Log-Datei, bin mir aber nicht sicher, ob ich die Bedrohungen, die gefunden wurden, jetzt säubern soll oder nicht? Oder soll ich Schritt 4 machen? Bin mir nur unsicher, weil sonst immer extra dastand, dass ich nichts säubern soll.
Ich hab das Fenster von Eset quasi noch offen, will nicht nochmal so ewig warten

Antwort

Themen zu Combofix-Log-Auswertung für Neuling
ahnung, andere, anfänger, combofix, einloggen, falsch, gelöst, geändert, google, heute, hoffe, häufiger, komische, login, mailadresse, mailadressen, malware, neu, neuling, passwort, problem, programm, sache, sofort, verschickt, wirklich



Ähnliche Themen: Combofix-Log-Auswertung für Neuling


  1. Bundespolizei Trojaner, Systemwiederherstellung danach Combofix, bitte um Auswertung
    Log-Analyse und Auswertung - 10.08.2012 (4)
  2. Support bei Auswertung DDS und Combofix
    Log-Analyse und Auswertung - 04.03.2012 (1)
  3. Auswertung der ComboFix-Logfile
    Log-Analyse und Auswertung - 04.02.2012 (1)
  4. Eine höfliche Anfrage zur Auswertung von einem Combofix-Log
    Log-Analyse und Auswertung - 29.07.2011 (12)
  5. Security Suite entfernen - ComboFix-Auswertung
    Plagegeister aller Art und deren Bekämpfung - 03.03.2011 (31)
  6. Win7 öffnet alles auf dem der Coursor ist(Combofix-auswertung)
    Plagegeister aller Art und deren Bekämpfung - 19.01.2011 (8)
  7. Auswertung combofix-log
    Log-Analyse und Auswertung - 19.09.2010 (1)
  8. combofix logfile auswertung
    Log-Analyse und Auswertung - 31.01.2010 (1)
  9. Neuling udn Hilfe
    Mülltonne - 05.11.2008 (0)
  10. Neuling mit Problem
    Mülltonne - 22.07.2008 (0)
  11. HiJachThis und Combofix LOG-File Auswertung
    Log-Analyse und Auswertung - 08.06.2008 (2)
  12. neuling
    Alles rund um Windows - 17.01.2008 (3)
  13. Neuling hat Probleme
    Log-Analyse und Auswertung - 17.08.2005 (7)
  14. Neuling
    Log-Analyse und Auswertung - 01.04.2005 (2)
  15. hilfe für neuling
    Plagegeister aller Art und deren Bekämpfung - 25.01.2005 (17)
  16. Hijack von neuling ;-) please help
    Log-Analyse und Auswertung - 10.11.2004 (9)
  17. neuling
    Plagegeister aller Art und deren Bekämpfung - 08.08.2003 (16)

Zum Thema Combofix-Log-Auswertung für Neuling - Hallo! Ich bin ganz neu hier, also versteht es bitte, falls ich irgendwas falsch mache/gemacht habe. Ich war heute auf meinem Amazon-Konto, weil ich etwas bestellen wollte. Als ich mich - Combofix-Log-Auswertung für Neuling...
Archiv
Du betrachtest: Combofix-Log-Auswertung für Neuling auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.