
Log analysis and evaluation: Chrome is redirected to prizemediayou.com ...Trojan, I guess.


04.08.2018, 20:02   #1
Rolls
 



Caught a trojan despite up-to-date Avira. On popular news sites, Chrome is suddenly redirected to https://prizemediayou.com. Going back no longer works; you have to close the window. The computer becomes very, very slow and at times hangs for 30-40 seconds.

Avira is up to date, and of course I don't browse as administrator. I haven't installed anything apart from updates either; the origin is unclear to me.

Here is my FRST log:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (04-08-2018 12:12:23)
Running from C:\Users\popp_000\Downloads
Loaded Profiles: Rolls & popp_000 (Available Profiles: Rolls & popp_000)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> FCUpdateService.exe
Failed to access process -> HuaweiHiSuiteService64.exe
Failed to access process -> HeciServer.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> PGService.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> svchost.exe
Failed to access process -> VfConnectorService.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
Failed to access process -> iPodService.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> obexsrv.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> wmpnetwk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\windows\SYSTEM32\WerFault.exe [465320 2014-10-29] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [{0bb4751a-1ff2-4c79-80df-5bab5da63823}] => C:\ProgramData\Package Cache\{0bb4751a-1ff2-4c79-80df-5bab5da63823}\Avira.OE.Setup.Bundle.exe [1293824 2018-07-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [Dropbox Update] => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654728 2018-06-26] (Skype Technologies S.A.)
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\RunOnce: [Application Restart #5] => C:\Users\popp_000\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-si (the data entry has 546 more characters).
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-419436004-3641650613-4044294934-1004] => 144.76.1.58:80
Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2
Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2

Internet Explorer:
==================
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-419436004-3641650613-4044294934-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF DefaultProfile: o2okhndp.default
FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed]
FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18]
CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 lmhosts; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NlaSvc; C:\windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-04 12:12 - 2018-08-04 12:13 - 000028707 _____ C:\Users\popp_000\Downloads\FRST.txt
2018-08-04 12:12 - 2018-08-04 12:12 - 000000000 ____D C:\FRST
2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe
2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe
2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner
2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe
2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf
2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf
2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf
2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf
2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf
2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf
2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf
2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf
2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf
2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf
2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf
2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf
2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf
2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk
2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-16 19:25 - 2018-07-16 19:25 - 000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf
2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf
2018-07-15 13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf
2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk
2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-07-12 10:19 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-07-12 10:19 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-07-12 10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-04 12:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job
2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job
2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg
2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-03 11:45 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive
2018-08-03 11:38 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-03 11:35 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf
2018-08-03 11:23 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing
2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-02 11:46 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox
2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat
2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat
2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat
2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat
2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ C:\windows\system32\PerfStringBackup.INI
2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox
2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin
2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-07-28 21:45 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps
2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER
2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf
2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-22 11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype
2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-07-16 20:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports
2018-07-16 15:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-07-15 13:33 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D C:\ProgramData\Energy Manager
2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT
2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser
2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF
2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT
2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore
2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job

Some files in TEMP:
====================
2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe
2016-12-31 18:38 - 2014-07-01 11:20 - 011719232 _____ (Foxit Corporation) C:\Users\popp_000\AppData\Local\Temp\Foxit Reader Updater.exe
2014-12-21 09:41 - 2014-12-21 09:41 - 095168336 _____ (SweetLabs,Inc.) C:\Users\popp_000\AppData\Local\Temp\oct50EC.tmp.exe
2017-07-12 13:05 - 2017-07-12 13:06 - 064794200 _____ (SweetLabs,Inc.) C:\Users\popp_000\AppData\Local\Temp\oct5FE4.tmp.exe
2017-10-02 13:09 - 2018-07-22 11:56 - 057812744 _____ (Skype Technologies S.A.) C:\Users\popp_000\AppData\Local\Temp\SkypeSetup.exe
2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe
2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================
         
--- --- ---

Additions.txt:

FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by popp_000 (04-08-2018 12:15:35)
Running from C:\Users\popp_000\Downloads
Windows 8.1 (Update) (X64) (2014-02-24 19:54:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled)
Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled)
popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Limited - Enabled) => C:\Users\popp_000
Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{b883705a-0784-4d1e-9766-601e8d66945a}) (Version: 1.2.115.14232 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version:  - )
GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => 
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-06-27 08:53 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 08:53 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 62.2.17.60 - 62.2.24.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe
FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC8120C7-33BE-4EE0-A5D3-2FC1CDB57184}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{FFDB7024-EDC1-4129-AAE2-F6C96C8E383E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{C6053D39-4308-4B42-8A8A-6E2A35310460}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{95CBABA5-8E3D-4A5B-A1B8-03D82509368F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{6266A37E-5C70-40AA-899F-C3525EED13D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3AFE67D9-1ACF-4E60-AE30-AEF8B0F6AEEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2018 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d5c

Startzeit: 01d42b0dcbb3b9b0

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: c2926c2b-9701-11e8-8336-fcf8ae81aa91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/03/2018 11:42:02 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/03/2018 10:40:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/03/2018 10:36:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6a18

Startzeit: 01d42b03eebce287

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 3f7d4b87-96f8-11e8-8334-fcf8ae81aa91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten.

Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet.

Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\IWMSSvc.dll

Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\IWMSSvc.dll

Error: (08/03/2018 11:34:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\IWMSSvc.dll

Error: (08/03/2018 11:34:41 AM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
===================================
Date: 2017-05-04 16:39:21.013
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: The resource is too old to be compatible. 
Signaturversion: 1.155.266.0;1.155.266.0
Modulversion: 1.1.9700.0

CodeIntegrity:
===================================

Date: 2018-08-03 11:42:33.517
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:31.189
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:26.634
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:37:39.892
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-03 11:22:59.575
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:22:54.841
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:22:47.622
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:22:42.906
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8104.27 MB
Available physical RAM: 3286.13 MB
Total Virtual: 13480.27 MB
Available Virtual: 7809.13 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:151.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS

\\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
         


Additions.TXT

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by popp_000 (04-08-2018 12:15:35)
Running from C:\Users\popp_000\Downloads
Windows 8.1 (Update) (X64) (2014-02-24 19:54:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled)
Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled)
popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Limited - Enabled) => C:\Users\popp_000
Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{b883705a-0784-4d1e-9766-601e8d66945a}) (Version: 1.2.115.14232 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version:  - )
GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => 
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-06-27 08:53 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 08:53 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 62.2.17.60 - 62.2.24.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe
FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC8120C7-33BE-4EE0-A5D3-2FC1CDB57184}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{FFDB7024-EDC1-4129-AAE2-F6C96C8E383E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{C6053D39-4308-4B42-8A8A-6E2A35310460}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{95CBABA5-8E3D-4A5B-A1B8-03D82509368F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{6266A37E-5C70-40AA-899F-C3525EED13D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3AFE67D9-1ACF-4E60-AE30-AEF8B0F6AEEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2018 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d5c

Startzeit: 01d42b0dcbb3b9b0

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: c2926c2b-9701-11e8-8336-fcf8ae81aa91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/03/2018 11:42:02 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/03/2018 10:40:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/03/2018 10:36:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6a18

Startzeit: 01d42b03eebce287

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 3f7d4b87-96f8-11e8-8334-fcf8ae81aa91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten.

Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet.

Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\IWMSSvc.dll

Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\IWMSSvc.dll

Error: (08/03/2018 11:34:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\IWMSSvc.dll

Error: (08/03/2018 11:34:41 AM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
===================================
Date: 2017-05-04 16:39:21.013
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: The resource is too old to be compatible. 
Signaturversion: 1.155.266.0;1.155.266.0
Modulversion: 1.1.9700.0

CodeIntegrity:
===================================

Date: 2018-08-03 11:42:33.517
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:31.189
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:26.634
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:37:39.892
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-03 11:22:59.575
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:22:54.841
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:22:47.622
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:22:42.906
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8104.27 MB
Available physical RAM: 3286.13 MB
Total Virtual: 13480.27 MB
Available Virtual: 7809.13 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:151.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS

\\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
         
--- --- ---

04.08.2018, 20:03   #2
Rolls
 
And the latest Avira scan:

Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 4. August 2018  12:20


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1
Windowsversion : (plain)  [6.3.9600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ROLLS_PC

Versionsinformationen:
build.dat      : 15.0.36.211   121920 Bytes  28.06.2018 15:34:00
AVSCAN.EXE     : 15.0.36.208  1306056 Bytes  11.07.2018 11:55:02
AVSCANRC.DLL   : 15.0.36.115    73768 Bytes  02.05.2018 14:30:37
LUKE.DLL       : 15.0.36.207    81120 Bytes  11.07.2018 11:55:13
AVSCPLR.DLL    : 15.0.36.207   153648 Bytes  11.07.2018 11:55:02
REPAIR.DLL     : 15.0.36.208   778752 Bytes  11.07.2018 11:55:01
repair.rdf     : 1.0.43.48    1409885 Bytes  03.08.2018 08:39:29
AVREG.DLL      : 15.0.36.207   442576 Bytes  11.07.2018 11:55:01
avlode.dll     : 15.0.36.208  1017072 Bytes  11.07.2018 11:55:00
avlode.rdf     : 14.0.5.154    218943 Bytes  27.07.2018 09:53:31
XBV00183.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:01:59
XBV00184.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:01:59
XBV00185.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:01:59
XBV00186.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:00
XBV00187.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:00
XBV00188.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:00
XBV00189.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00190.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00191.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00192.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00193.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00194.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00195.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00196.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00197.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00198.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00199.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00200.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00201.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00202.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00203.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00204.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00205.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00206.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00207.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00208.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00209.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00210.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00211.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00212.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:01
XBV00213.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00214.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00215.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00216.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00217.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00218.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00219.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00220.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00221.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00222.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00223.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00224.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00225.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00226.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00227.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00228.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00229.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00230.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00231.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00232.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00233.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00234.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:02
XBV00235.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00236.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00237.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00238.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00239.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00240.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00241.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00242.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00243.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00244.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00245.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00246.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00247.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00248.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00249.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00250.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00251.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00252.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00253.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00254.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00255.VDF   : 8.15.2.90       2408 Bytes  30.07.2018 08:02:03
XBV00000.VDF   : 7.15.0.32   43855208 Bytes  10.07.2018 11:55:37
XBV00001.VDF   : 8.15.0.146  10104680 Bytes  10.07.2018 11:55:45
XBV00002.VDF   : 8.15.1.94     927592 Bytes  19.07.2018 09:13:02
XBV00003.VDF   : 8.15.2.90     647528 Bytes  30.07.2018 08:01:53
XBV00042.VDF   : 8.15.2.92      51048 Bytes  31.07.2018 08:01:53
XBV00043.VDF   : 8.15.2.94      15208 Bytes  31.07.2018 12:02:15
XBV00044.VDF   : 8.15.2.96      49512 Bytes  31.07.2018 16:40:18
XBV00045.VDF   : 8.15.2.98      20328 Bytes  31.07.2018 18:40:26
XBV00046.VDF   : 8.15.2.100     14696 Bytes  31.07.2018 18:40:26
XBV00047.VDF   : 8.15.2.102     31080 Bytes  31.07.2018 09:38:26
XBV00048.VDF   : 8.15.2.104     60776 Bytes  31.07.2018 09:38:26
XBV00049.VDF   : 8.15.2.106     53096 Bytes  01.08.2018 09:38:26
XBV00050.VDF   : 8.15.2.108    283496 Bytes  01.08.2018 09:38:27
XBV00051.VDF   : 8.15.2.110      8040 Bytes  01.08.2018 11:38:46
XBV00052.VDF   : 8.15.2.112      5992 Bytes  01.08.2018 13:38:38
XBV00053.VDF   : 8.15.2.114     14696 Bytes  01.08.2018 15:38:33
XBV00054.VDF   : 8.15.2.116      8040 Bytes  01.08.2018 15:38:33
XBV00055.VDF   : 8.15.2.120      5992 Bytes  01.08.2018 17:38:42
XBV00056.VDF   : 8.15.2.122      5480 Bytes  01.08.2018 09:41:57
XBV00057.VDF   : 8.15.2.124      2920 Bytes  01.08.2018 09:41:57
XBV00058.VDF   : 8.15.2.126     79720 Bytes  01.08.2018 09:41:57
XBV00059.VDF   : 8.15.2.128     15720 Bytes  02.08.2018 09:41:57
XBV00060.VDF   : 8.15.2.130      6504 Bytes  02.08.2018 09:41:57
XBV00061.VDF   : 8.15.2.132      3944 Bytes  02.08.2018 11:41:49
XBV00062.VDF   : 8.15.2.134      8040 Bytes  02.08.2018 08:39:30
XBV00063.VDF   : 8.15.2.136     10600 Bytes  02.08.2018 08:39:30
XBV00064.VDF   : 8.15.2.138     25448 Bytes  02.08.2018 08:39:30
XBV00065.VDF   : 8.15.2.140     23400 Bytes  02.08.2018 08:39:30
XBV00066.VDF   : 8.15.2.142      5480 Bytes  02.08.2018 08:39:30
XBV00067.VDF   : 8.15.2.144      5992 Bytes  02.08.2018 08:39:30
XBV00068.VDF   : 8.15.2.146     45416 Bytes  02.08.2018 08:39:30
XBV00069.VDF   : 8.15.2.148     54120 Bytes  03.08.2018 08:39:30
XBV00070.VDF   : 8.15.2.150     31080 Bytes  03.08.2018 10:38:53
XBV00071.VDF   : 8.15.2.152      5480 Bytes  03.08.2018 09:17:56
XBV00072.VDF   : 8.15.2.154      7016 Bytes  03.08.2018 09:17:56
XBV00073.VDF   : 8.15.2.156     66408 Bytes  03.08.2018 09:17:56
XBV00074.VDF   : 8.15.2.158     18280 Bytes  03.08.2018 09:17:56
XBV00075.VDF   : 8.15.2.160     23400 Bytes  03.08.2018 09:17:56
XBV00076.VDF   : 8.15.2.162     42856 Bytes  04.08.2018 09:17:56
LOCAL001.VDF   : 8.15.2.162  58366464 Bytes  04.08.2018 09:18:20
Engineversion  : 8.3.52.38 
AEBB.DLL       : 8.1.3.2        71144 Bytes  27.10.2017 10:46:54
AECORE.DLL     : 8.3.16.4      278952 Bytes  15.07.2018 12:54:10
AECRYPTO.DLL   : 8.2.1.2       141800 Bytes  05.12.2017 15:31:45
AEDROID.DLL    : 8.4.4.12     2805800 Bytes  07.05.2018 14:58:43
AEEMU.DLL      : 8.1.3.10      420248 Bytes  27.10.2017 10:46:54
AEEXP.DLL      : 8.4.5.4       399464 Bytes  05.04.2018 09:15:39
AEGEN.DLL      : 8.1.8.334     707928 Bytes  03.08.2018 08:39:28
AEHELP.DLL     : 8.3.3.4       299728 Bytes  07.05.2018 14:58:27
AEHEUR.DLL     : 8.1.6.358   11878384 Bytes  26.07.2018 10:37:57
AELIBINF.DLL   : 8.2.1.6        79464 Bytes  14.11.2017 16:40:27
AEMOBILE.DLL   : 8.1.20.2      362072 Bytes  14.02.2018 13:48:41
AEOFFICE.DLL   : 8.4.6.4       707016 Bytes  15.07.2018 12:54:10
AEPACK.DLL     : 8.4.3.4       856632 Bytes  04.07.2018 09:14:56
AERDL.DLL      : 8.2.2.50     1263912 Bytes  07.12.2017 14:51:42
AESBX.DLL      : 8.2.22.16    1667056 Bytes  05.03.2018 13:44:09
AESCN.DLL      : 8.3.8.4       158416 Bytes  20.06.2018 09:26:50
AESCRIPT.DLL   : 8.3.7.28     1065344 Bytes  03.08.2018 08:39:28
AEVDF.DLL      : 8.3.3.6       154264 Bytes  27.10.2017 10:46:56
AVWINLL.DLL    : 15.0.36.164    37448 Bytes  13.05.2018 12:32:37
AVPREF.DLL     : 15.0.36.164    63920 Bytes  13.05.2018 12:32:40
AVREP.DLL      : 15.0.36.164   234888 Bytes  13.05.2018 12:32:40
AVARKT.DLL     : 15.0.36.194   241096 Bytes  17.06.2018 12:05:18
SQLITE3.DLL    : 15.0.36.164   473256 Bytes  13.05.2018 12:32:50
AVSMTP.DLL     : 15.0.36.164    90392 Bytes  13.05.2018 12:32:41
NETNT.DLL      : 15.0.36.164    26568 Bytes  13.05.2018 12:32:48
CommonImageRc.dll: 15.0.36.115  4265072 Bytes  02.05.2018 14:30:33
CommonTextRc.dll: 15.0.36.185    83104 Bytes  17.06.2018 12:05:17

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Prüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Auszulassende Dateien.................: 

Beginn des Suchlaufs: Samstag, 4. August 2018  12:20

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Bootsektor wurde aufgrund des inkompatiblen Formats nicht gescannt.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'FCUpdateService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'HuaweiHiSuiteService64.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibtrksrv.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'iSCTAgent.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'PGService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo64.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'VfConnectorService.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZeroConfigService.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '263' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SettingSyncHost.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'skydrive.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'OUTLOOK.EXE' - '182' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTFTrack.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Energy Manager.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'utility.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScanToPCActivationApp.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'iSCTsysTray8.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '192' Modul(e) wurden durchsucht
Durchsuche Prozess 'PdfPro7Hook.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'PdfCreate7Hook.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPSupportSolutionsFrameworkService.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'FRST64.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TiWorker.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2378' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows8_OS>
Cloud SDK Initialisierung und Lizenz überprüfen erfolgreich.
Die Datei 'C:\Program Files (x86)\Uninstall Information\103\4143\uninstall.exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = B2183128E1CC3E056202020FED52C607CE16A902103A4F709E189ED65A75A993
Die Datei 'C:\Users\popp_000\AppData\Local\Temp\HW_UTPS_SP_Autorun\HiSuiteDownLoader.exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = CE0E394983B97F542B9E87115714130CD8C5FE7C601E2EA63C9EC2ED480D888E
Die Datei 'C:\Users\popp_000\Downloads\Firefox Setup Stub 46.0.1.exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = DA9E3AECD23E2A7C5DD41DD105AD8E980AD70BF239A0910C17DB126E7D353061
Die Datei 'C:\Users\popp_000\Downloads\irfanview_plugins_440_setup (1).exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = 34A30548F0D1EED4EF75D524A1E8D0BC480C9C21D074179C98898BBAEA527ADA
Die Datei wurde im Zwischenspeicher in 'C:\Users\popp_000\Downloads\irfanview_plugins_440_setup.exe' gefunden; der Scan Cloud-Sicherheit wurde übersprungen. SHA256 = 34A30548F0D1EED4EF75D524A1E8D0BC480C9C21D074179C98898BBAEA527ADA
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Users\popp_000\Downloads\ViberSetup (1).exe'
Die Datei 'C:\Users\popp_000\Downloads\ViberSetup (1).exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = 23709AA5CA9A1A3B9461061AD60F5762856B09F6ECC6A3AFD70F93E94297CF14
C:\Users\popp_000\Downloads\ViberSetup (1).exe
  [FUND]      Enthält Muster der Software PUA/iLivid
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Users\popp_000\Downloads\ViberSetup.exe'
Die Datei 'C:\Users\popp_000\Downloads\ViberSetup.exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = 23709AA5CA9A1A3B9461061AD60F5762856B09F6ECC6A3AFD70F93E94297CF14
C:\Users\popp_000\Downloads\ViberSetup.exe
  [FUND]      Enthält Muster der Software PUA/iLivid
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe'
Die Datei 'C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe' wurde durch Cloud-Sicherheit geprüft. SHA256 = 0CF4CDE078B88D4315CF943FCF296CAA983A0E5415AE86A28A65E4B569D9B792
C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe
  [FUND]      Enthält Muster der Software PUA/SeaSuite
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Windows\Temp\WAX290B.tmp'
Die Datei 'C:\Windows\Temp\WAX290B.tmp' wurde zur Cloud-Sicherheit hochgeladen und analysiert. SHA256 = 357B9AAE25FAD2758451BEEB6728DC81993C8F40FF491156158933C02E419314
C:\Windows\Temp\WAX290B.tmp (SHA-256: 0000000000000000000000000000000000000000000000000000000000000000)
  [FUND]      Enthält verdächtigen Code HEUR/APC
  [INFO]      Die Datei 'C:\Windows\Temp\WAX290B.tmp' wurde zur Cloud-Sicherheit hochgeladen und analysiert.
Beginne mit der Suche in 'D:\' <LENOVO>

Beginne mit der Desinfektion:
C:\Windows\Temp\WAX290B.tmp (SHA-256: 0000000000000000000000000000000000000000000000000000000000000000)
  [FUND]      Enthält verdächtigen Code HEUR/APC
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d5972cf.qua' verschoben!
C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe
  [FUND]      Enthält Muster der Software PUA/SeaSuite
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45bd5ea8.qua' verschoben!
C:\Users\popp_000\Downloads\ViberSetup.exe
  [FUND]      Enthält Muster der Software PUA/iLivid
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '17eb3b80.qua' verschoben!
C:\Users\popp_000\Downloads\ViberSetup (1).exe
  [FUND]      Enthält Muster der Software PUA/iLivid
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71dc74fe.qua' verschoben!


Ende des Suchlaufs: Samstag, 4. August 2018  19:19
Benötigte Zeit:  6:05:37 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  91341 Verzeichnisse wurden überprüft
 1627983 Dateien wurden geprüft
      4 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      4 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1627979 Dateien ohne Befall
  44658 Archive wurden durchsucht
      0 Warnungen
      4 Hinweise
   2268 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
__________________


Alt 05.08.2018, 19:39   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Quote:
Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (04-08-2018 12:12:23)
Running from C:\Users\popp_000\Downloads
That won't work. The affected user must have admin rights. Give this user admin rights and create the logs again. Also, Google Chrome should be removed:

Reading material:
Google Chrome

You are obviously using Google's Chrome browser. For data-protection reasons, one has to strongly advise against using this browser. See also: Google: Chrome browser scans local files on Windows PCs

Install Mozilla Firefox, which can also import profile data from Chrome, then uninstall Google Chrome.
__________________

Alt 05.08.2018, 19:51   #4
Rolls
 


Thanks for your reply, and sorry for the useless logs. I wasn't aware of the Chrome issue, and it does surprise me; that's pretty invasive. I'll look into it. What would be a safe(r) alternative?

Here we go again:

FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (05-08-2018 20:43:47)
Running from C:\Users\popp_000\Downloads
Loaded Profiles: Rolls & popp_000 (Available Profiles: Rolls & popp_000)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> FCUpdateService.exe
Failed to access process -> HuaweiHiSuiteService64.exe
Failed to access process -> HeciServer.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> PGService.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> svchost.exe
Failed to access process -> VfConnectorService.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> avshadow.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
Failed to access process -> devmonsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
Failed to access process -> obexsrv.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
Failed to access process -> wmpnetwk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> dllhost.exe
Failed to access process -> SearchProtocolHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini"
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2
Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2

Internet Explorer:
==================
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-419436004-3641650613-4044294934-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF DefaultProfile: o2okhndp.default
FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed]
FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-05]
CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18]
CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 lmhosts; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NlaSvc; C:\windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-05 18:36 - 2018-08-05 18:36 - 001138176 _____ C:\Users\popp_000\Desktop\Arbeitsbemühungen Juli.msg
2018-08-05 18:18 - 2018-08-05 18:18 - 000845448 _____ C:\Users\popp_000\Downloads\SCLiteFix_299026.exe
2018-08-05 18:18 - 2018-08-05 18:18 - 000000000 ____D C:\Users\Rolls\Documents\HpReg_Backup
2018-08-05 18:01 - 2018-08-05 18:01 - 000002231 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2018-08-05 18:01 - 2018-08-05 18:01 - 000001183 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2018-08-05 18:01 - 2018-08-05 18:01 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\HP
2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\Program Files (x86)\HP
2018-08-05 18:01 - 2012-10-17 04:31 - 000741480 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPM5912.dll
2018-08-05 18:00 - 2018-08-05 18:00 - 000000000 ____D C:\Users\Rolls\AppData\Local\HP
2018-08-05 17:55 - 2018-08-05 17:57 - 140667048 _____ C:\Users\Rolls\Downloads\OJ8600_Full_WebPack_28.0.1315_2.exe
2018-08-04 12:15 - 2018-08-04 12:17 - 000033981 _____ C:\Users\popp_000\Downloads\Addition.txt
2018-08-04 12:12 - 2018-08-05 20:44 - 000026482 _____ C:\Users\popp_000\Downloads\FRST.txt
2018-08-04 12:12 - 2018-08-05 20:43 - 000000000 ____D C:\FRST
2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe
2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe
2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner
2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe
2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf
2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf
2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf
2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf
2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf
2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf
2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf
2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf
2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf
2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf
2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf
2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf
2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf
2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk
2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-16 19:25 - 2018-07-16 19:25 - 000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf
2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf
2018-07-15 13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf
2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk
2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-07-12 10:19 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-07-12 10:19 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-07-12 10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-05 20:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job
2018-08-05 18:22 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-05 18:17 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\Packages
2018-08-05 18:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-05 18:08 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive
2018-08-05 18:04 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-05 18:04 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-05 18:03 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf
2018-08-05 18:00 - 2014-02-24 22:06 - 000000000 ____D C:\Users\Rolls\AppData\Local\Google
2018-08-05 17:53 - 2014-01-20 08:43 - 000000000 ____D C:\Program Files\Lenovo
2018-08-05 17:53 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-04 19:17 - 2014-03-26 05:20 - 000000000 ____D C:\Users\Rolls\AppData\Local\Viber
2018-08-04 18:28 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job
2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg
2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing
2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox
2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat
2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat
2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat
2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat
2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ C:\windows\system32\PerfStringBackup.INI
2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox
2018-07-30 11:39 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports
2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin
2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps
2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER
2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf
2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-22 11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype
2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D C:\ProgramData\Energy Manager
2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT
2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser
2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF
2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT
2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore
2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job

Some files in TEMP:
====================
2018-08-05 17:38 - 2016-12-06 21:39 - 000050720 _____ (HP Inc.) C:\Users\popp_000\AppData\Local\Temp\ACLMInstaller.exe
2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe
2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe
2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================
         
--- --- ---

05.08.2018, 19:52   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please read the reading material properly. And actually carry out the other instructions properly as well!

Quote:
Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (05-08-2018 20:43:47)
Running from C:\Users\popp_000\Downloads
The user still does not have admin rights!

__________________
Please always post log files in CODE tags

05.08.2018, 19:53   #6
Rolls
 

And Addition.txt.

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by popp_000 (05-08-2018 20:46:09)
Running from C:\Users\popp_000\Downloads
Windows 8.1 (Update) (X64) (2014-02-24 19:54:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled)
Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled)
popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Administrator - Enabled) => C:\Users\popp_000
Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version:  - )
GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => 
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-04 11:30 - 2018-07-31 01:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll
2018-08-04 11:30 - 2018-07-31 01:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll
2014-03-04 22:09 - 2014-06-25 17:57 - 037318720 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 62.2.17.60 - 62.2.24.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe
FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{58B67CA2-55C1-4E7C-A94C-E5EE6356A156}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{482ACE75-C913-4551-9331-C71867CD1F66}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{51BDC310-D994-4A47-8101-79384BB345A0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{C86843FA-327B-4DE6-90BE-74CCD769C022}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{38384A8F-9AE9-4016-BC0A-47E96E1FDBC9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C1248B25-D45A-4C8E-916C-9BA0E641D10A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2018 05:36:21 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ROLLS_PC)
Description: Die Anwendung oder der Dienst "ScanToPCActivationApp" konnte nicht heruntergefahren werden.

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15222516

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15222516

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2018 10:43:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74821703


System errors:
=============
Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten.

Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet.


Windows Defender:
===================================
Date: 2017-05-04 16:39:21.013
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: The resource is too old to be compatible. 
Signaturversion: 1.155.266.0;1.155.266.0
Modulversion: 1.1.9700.0

CodeIntegrity:
===================================

Date: 2018-08-05 18:04:32.203
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 17:49:44.141
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 17:10:27.313
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-03 11:42:33.517
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:31.189
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:26.634
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:37:39.892
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-03 11:22:59.575
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 52%
Total physical RAM: 8104.27 MB
Available physical RAM: 3873.05 MB
Total Virtual: 13480.27 MB
Available Virtual: 8181.57 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:148.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS

\\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
         

05.08.2018, 20:06   #7
Rolls
 



Sorry. Strange, I had changed that, or so I thought?

So, another attempt. FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by popp_000 (administrator) on ROLLS_PC (05-08-2018 21:01:02)
Running from C:\Users\popp_000\Downloads
Loaded Profiles: popp_000 (Available Profiles: Rolls & popp_000)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini"
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2
Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2

Internet Explorer:
==================
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF DefaultProfile: o2okhndp.default
FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed]
FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-05]
CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18]
CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-05 18:18 - 2018-08-05 18:18 - 000845448 _____ C:\Users\popp_000\Downloads\SCLiteFix_299026.exe
2018-08-05 18:18 - 2018-08-05 18:18 - 000000000 ____D C:\Users\Rolls\Documents\HpReg_Backup
2018-08-05 18:02 - 2018-08-05 18:02 - 000002900 _____ C:\windows\System32\Tasks\Toolbox.exe_{7CE34131-9F3C-48E6-A2A7-95C2FD7A9928}
2018-08-05 18:01 - 2018-08-05 18:01 - 000002231 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2018-08-05 18:01 - 2018-08-05 18:01 - 000001183 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2018-08-05 18:01 - 2018-08-05 18:01 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\HP
2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\Program Files (x86)\HP
2018-08-05 18:01 - 2012-10-17 04:31 - 000741480 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPM5912.dll
2018-08-05 18:00 - 2018-08-05 18:00 - 000000000 ____D C:\Users\Rolls\AppData\Local\HP
2018-08-05 17:55 - 2018-08-05 17:57 - 140667048 _____ C:\Users\Rolls\Downloads\OJ8600_Full_WebPack_28.0.1315_2.exe
2018-08-04 12:15 - 2018-08-05 20:47 - 000032726 _____ C:\Users\popp_000\Downloads\Addition.txt
2018-08-04 12:12 - 2018-08-05 21:01 - 000025443 _____ C:\Users\popp_000\Downloads\FRST.txt
2018-08-04 12:12 - 2018-08-05 21:01 - 000000000 ____D C:\FRST
2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe
2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe
2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner
2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe
2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf
2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf
2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf
2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf
2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf
2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf
2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf
2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf
2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf
2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf
2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf
2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf
2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf
2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk
2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-16 19:25 - 2018-07-16 19:25 - 000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf
2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf
2018-07-15 13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf
2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk
2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-07-12 10:19 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-07-12 10:19 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-07-12 10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-05 20:58 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive
2018-08-05 20:56 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-05 20:55 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf
2018-08-05 20:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job
2018-08-05 18:42 - 2014-03-04 15:03 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-419436004-3641650613-4044294934-1004
2018-08-05 18:22 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-05 18:17 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\Packages
2018-08-05 18:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-05 18:04 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-05 18:03 - 2013-08-22 15:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-08-05 18:00 - 2014-02-24 22:06 - 000000000 ____D C:\Users\Rolls\AppData\Local\Google
2018-08-05 17:57 - 2014-02-24 22:01 - 000003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-419436004-3641650613-4044294934-1001
2018-08-05 17:53 - 2014-02-24 22:05 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A46B4F47-A843-440D-8F40-7D4F461E4A56}
2018-08-05 17:53 - 2014-01-20 08:44 - 000000000 ____D C:\windows\System32\Tasks\Lenovo
2018-08-05 17:53 - 2014-01-20 08:43 - 000000000 ____D C:\Program Files\Lenovo
2018-08-05 17:53 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-05 16:51 - 2014-04-19 16:02 - 000003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{54A7945E-525E-4DB2-8A31-5A7A5A8E8137}
2018-08-04 19:17 - 2014-03-26 05:20 - 000000000 ____D C:\Users\Rolls\AppData\Local\Viber
2018-08-04 18:28 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job
2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg
2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing
2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox
2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat
2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat
2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat
2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat
2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ C:\windows\system32\PerfStringBackup.INI
2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox
2018-07-30 11:39 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports
2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin
2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps
2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER
2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf
2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-22 11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype
2018-07-18 22:51 - 2017-07-29 11:49 - 000003178 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-419436004-3641650613-4044294934-1004
2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D C:\ProgramData\Energy Manager
2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT
2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser
2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF
2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT
2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore
2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job

Some files in TEMP:
====================
2018-08-05 17:38 - 2016-12-06 21:39 - 000050720 _____ (HP Inc.) C:\Users\popp_000\AppData\Local\Temp\ACLMInstaller.exe
2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe
2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe
2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-31 13:45

==================== End of FRST.txt ============================
         
--- --- ---


And Addition:

[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by popp_000 (05-08-2018 21:03:29)
Running from C:\Users\popp_000\Downloads
Windows 8.1 (Update) (X64) (2014-02-24 19:54:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled)
Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled)
popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Administrator - Enabled) => C:\Users\popp_000
Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version:  - )
GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\popp_000\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F4CE79-06CA-4303-A37C-26CA69BE3F22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-01] (Microsoft Corporation)
Task: {068104A3-5675-4238-9026-045B63E0D3D3} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2015-10-27] (Easeware)
Task: {10897403-78B3-453F-8453-EAAE728CA5E1} - System32\Tasks\hpUtility.exe_{1FD8EFFC-18DD-488E-9CDF-EC604B6F653F} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1E4AC7AD-ADB7-4DCA-A270-CFA07CD9A84B} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-08-01] (Microsoft Corporation)
Task: {2B08E8BB-4DE4-4513-8075-F9B3C496CFAA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-15] (Synaptics Incorporated)
Task: {41671B78-33B2-4C59-8810-8634BD91284F} - System32\Tasks\Toolbox.exe_{7CE34131-9F3C-48E6-A2A7-95C2FD7A9928} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4628405A-5EC5-4F87-957D-EF91998BCCD7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5A3BC59F-04FF-4C84-B674-6425C0E1B186} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {5DDEF067-DF8C-400C-A61B-62987371BC65} - System32\Tasks\{4C60E858-8717-427F-A063-A9F37A05AE0C} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/de/go/help.faq.installer?LastError=1618
Task: {61D5C79C-9035-49A2-8EE3-17C071B74E61} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-01] (Microsoft Corporation)
Task: {908145CB-C602-4BA9-B3EE-9E2F18FF97B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {A818AF8D-5DF5-46CD-B00B-93683AE6326F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BF48C6F6-1196-4BFE-9C08-5941B148C9C1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-01] (Microsoft Corporation)
Task: {C702572B-4429-46B6-8280-73D782C1AF5E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {E6A819D5-CD25-4DFB-BEC9-00A7FC3B875E} - System32\Tasks\hpUtility.exe_{2ACCD369-2718-4BF0-A782-E60BACC6BC4E} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EDFD66DD-A2E0-4AFC-A93A-0307666E24AD} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2018-07-11] (Avira Operations GmbH & Co. KG)
Task: {FCB9F069-DED1-4964-A9F9-CB798A52F837} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FE80D603-E2B5-408F-8636-46A3C4992485} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-11 04:17 - 2017-04-11 04:17 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2013-08-02 03:31 - 2013-08-02 03:31 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 03:31 - 2013-08-02 03:31 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 03:31 - 2013-08-02 03:31 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-20 08:41 - 2012-04-25 04:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-01-20 08:43 - 2014-01-20 08:43 - 000068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-01-20 08:43 - 2014-01-20 08:43 - 000669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2018-08-04 11:30 - 2018-07-31 01:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll
2018-08-04 11:30 - 2018-07-31 01:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll
2018-08-02 11:33 - 2018-07-31 03:25 - 001108672 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-08-02 11:33 - 2018-07-31 03:25 - 002247872 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-08-02 11:33 - 2018-07-31 03:28 - 000021704 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000022752 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000135840 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 001881816 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000023768 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000111760 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-08-02 11:33 - 2018-07-31 03:25 - 000103576 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000069320 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000080064 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000400016 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-08-02 11:33 - 2018-07-31 03:25 - 000024728 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000043680 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000021656 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000125080 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000114848 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000392392 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000030432 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000024736 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000175768 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000024728 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000026264 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000048800 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000058016 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000024784 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000022728 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000026336 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000070360 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000025296 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000029904 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 003866304 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000089272 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 001800896 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 001960640 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000028824 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000155856 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000521920 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000051400 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000043720 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000131264 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000220872 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000205512 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000061080 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000056536 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000024224 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000025304 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000023776 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000022752 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000023768 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000028392 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000348312 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000102088 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:28 - 000024800 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000026840 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:25 - 000036496 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\librsync.dll
2018-08-02 11:33 - 2018-07-31 03:28 - 000023776 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000181432 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-08-02 11:33 - 2018-07-31 03:28 - 000031952 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:26 - 000024752 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-08-02 11:33 - 2018-07-31 03:26 - 001638576 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-08-02 11:33 - 2018-07-31 03:28 - 000027352 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000547008 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-08-02 11:33 - 2018-07-31 03:27 - 000360128 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2014-01-20 08:11 - 2013-09-04 17:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-08-18 09:15 - 2018-06-01 09:47 - 000302256 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 62.2.17.60 - 62.2.24.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe
FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{58B67CA2-55C1-4E7C-A94C-E5EE6356A156}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{482ACE75-C913-4551-9331-C71867CD1F66}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{51BDC310-D994-4A47-8101-79384BB345A0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{C86843FA-327B-4DE6-90BE-74CCD769C022}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{38384A8F-9AE9-4016-BC0A-47E96E1FDBC9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C1248B25-D45A-4C8E-916C-9BA0E641D10A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

19-07-2018 16:27:24 Scheduled Checkpoint
28-07-2018 20:19:37 Scheduled Checkpoint
05-08-2018 17:15:42 Removed Free JPG to PDF Converter

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2018 05:36:21 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ROLLS_PC)
Description: Die Anwendung oder der Dienst "ScanToPCActivationApp" konnte nicht heruntergefahren werden.

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15222516

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15222516

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2018 10:43:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74821703


System errors:
=============
Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten.

Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet.


Windows Defender:
===================================
Date: 2017-05-04 16:39:21.013
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: The resource is too old to be compatible. 
Signaturversion: 1.155.266.0;1.155.266.0
Modulversion: 1.1.9700.0

CodeIntegrity:
===================================

Date: 2018-08-05 20:56:36.953
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 18:04:32.203
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 17:49:44.141
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 17:10:27.313
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-03 11:42:33.517
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:31.189
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:26.634
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:37:39.892
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8104.27 MB
Available physical RAM: 4487.81 MB
Total Virtual: 13480.27 MB
Available Virtual: 9092.87 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:148.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS

\\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 22404104)

Partition: GPT.

==================== End of Addition.txt ============================
         
--- --- ---

05.08.2018, 20:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Please uninstall Avira completely

We have been advising against Avira here for a long time; besides, I want as few sources of interference as possible for an analysis and cleanup. At the end you will get advice on securing your Windows system.

While we are at it, we should also uninstall other unnecessary or outdated junk. Google Chrome is still on there too. Get rid of it.

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller pane, look for these programs:

    7-Zip 9.20
    Avira
    Avira Antivirus
    Google Chrome
    Java 8 Update 60
    VLC media player 2.1.3

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Let me know when that is gone; once we are done here you can switch to a different virus scanner, details will follow in the final post. Please do not install anything else NOW without checking with me first!
__________________
Please always post logfiles in CODE tags

06.08.2018, 10:54   #9
Rolls

Done



Everything is gone. Chrome with a heavy heart, because I was used to it. But scanning one's own data via the browser is unacceptable from a privacy perspective, you are right about that. I do think, though, that Google is careful there, otherwise a fine of the century from Brussels looms. Still, it is right to boycott their products, I do see that.

I gave up on Firefox back then because it was completely bloated and slow. But I see that it has improved. However, in my experience my reference management via Zotero no longer works at all. But I will find a solution for that.

Thanks so far. I am ready for the next steps.

06.08.2018, 11:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Bloated and slow, I simply don't understand statements like that. I have also read it fairly often in the heise forum, where a few people complained about a supposedly bloated and slow Firefox; I could never relate to that. Firefox always runs fast for me. And in terms of size there is no difference at all between Chrome and Firefox.

Why are you still on Windows 8.1??
__________________
Please always post logfiles in CODE tags

06.08.2018, 11:34   #11
Rolls


Compared with the current version, it really was like that a few years ago. Chrome was three times as fast back then, for whatever reason. It is interesting how such temporary differences create long-lasting path dependencies. So it is good that you encouraged me to finally say goodbye to Google. Politically that is certainly right; the security aspects, to be honest, I can only judge to a limited extent.

8.1? I have no idea; updates have always been set to automatic. Is that a problem?

06.08.2018, 11:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


No, but you could have upgraded to Windows 10 long ago. For free. You still can, though.

Scanning for malware with Kaspersky TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.



Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the logfiles in a CODE box, proceed as follows:
  • Select the entire logfile (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Please always post logfiles in CODE tags

06.08.2018, 11:44   #13
Rolls


OK, I suppose I should get around to upgrading to 10.

Here is the report from TDSSKiller, No Threats found:

Code:
ATTFilter
12:38:13.0307 0x2094  TDSS rootkit removing tool 3.1.0.17 Apr 20 2018 12:12:17
12:38:13.0307 0x2094  UEFI system
12:38:19.0716 0x2094  ============================================================
12:38:19.0716 0x2094  Current date / time: 2018/08/06 12:38:19.0716
12:38:19.0716 0x2094  SystemInfo:
12:38:19.0716 0x2094  
12:38:19.0716 0x2094  OS Version: 6.3.9600 ServicePack: 0.0
12:38:19.0716 0x2094  Product type: Workstation
12:38:19.0716 0x2094  ComputerName: ROLLS_PC
12:38:19.0716 0x2094  UserName: popp_000
12:38:19.0716 0x2094  Windows directory: C:\windows
12:38:19.0716 0x2094  System windows directory: C:\windows
12:38:19.0716 0x2094  Running under WOW64
12:38:19.0716 0x2094  Processor architecture: Intel x64
12:38:19.0716 0x2094  Number of processors: 4
12:38:19.0716 0x2094  Page size: 0x1000
12:38:19.0716 0x2094  Boot type: Normal boot
12:38:19.0716 0x2094  CodeIntegrityOptions = 0x00000001
12:38:19.0716 0x2094  ============================================================
12:38:20.0045 0x2094  KLMD registered as C:\windows\system32\drivers\41979790.sys
12:38:20.0045 0x2094  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.19067, osProperties = 0x19
12:38:20.0499 0x2094  System UUID: {AECEE970-ED09-C2E7-A0FF-4E7BA1693CFA}
12:38:22.0545 0x2094  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:38:22.0577 0x2094  ============================================================
12:38:22.0577 0x2094  \Device\Harddisk0\DR0:
12:38:22.0577 0x2094  GPT partitions:
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {544D8D37-33B0-411C-BCB9-194636F9170A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {822AD2B7-227A-4836-8702-7A0CBC2BF660}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {022779F5-46B7-4B93-B629-DFD552C8742C}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {05F3EBB1-D218-467F-BB0F-F89120926B00}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7FBFF22A-5792-4AB6-8655-A52A21474E34}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x23775800
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {40EAACD2-9E1E-48F0-9F3F-87481D9BADC2}, Name: Basic data partition, StartLBA 0x23C20000, BlocksNum 0x148B9000
12:38:22.0577 0x2094  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F521DA69-FEC1-4E43-A83F-AC8CA729B84C}, Name: Basic data partition, StartLBA 0x384D9000, BlocksNum 0x1EAD000
12:38:22.0577 0x2094  MBR partitions:
12:38:22.0577 0x2094  ============================================================
12:38:22.0577 0x2094  C: <-> \Device\Harddisk0\DR0\Partition5
12:38:22.0624 0x2094  D: <-> \Device\Harddisk0\DR0\Partition6
12:38:22.0624 0x2094  ============================================================
12:38:22.0624 0x2094  Initialize success
12:38:22.0624 0x2094  ============================================================
12:40:55.0909 0x1d08  ============================================================
12:40:55.0909 0x1d08  Scan started
12:40:55.0909 0x1d08  Mode: Manual; SigCheck; TDLFS; 
12:40:55.0909 0x1d08  ============================================================
12:40:55.0909 0x1d08  KSN ping started
12:40:56.0050 0x1d08  KSN ping finished: true
12:41:07.0303 0x1d08  ================ Scan system memory ========================
12:41:07.0303 0x1d08  System memory - ok
12:41:07.0303 0x1d08  ================ Scan services =============================
12:41:07.0522 0x1d08  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\windows\System32\drivers\1394ohci.sys
12:41:07.0709 0x1d08  1394ohci - ok
12:41:07.0756 0x1d08  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\windows\system32\drivers\3ware.sys
12:41:07.0787 0x1d08  3ware - ok
12:41:07.0850 0x1d08  [ 508526EB2308D259DB8542FF50E9112C, DBF657F5D8890E2F58D3EE47B5F5A98DFB838CDD2871CE580B3FC1BDDC2A590E ] ACPI            C:\windows\system32\drivers\ACPI.sys
12:41:07.0928 0x1d08  ACPI - ok
12:41:07.0975 0x1d08  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\windows\system32\Drivers\acpiex.sys
12:41:08.0006 0x1d08  acpiex - ok
12:41:29.0171 0x1d08  [ E548929868BDFD3FC13B46D99605B764, 737C8A1210442533735F10BD80AFBB3E890D0CC9068F2406CA5C577C7C58B97C ] HuaweiHiSuiteService64.exe C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
12:41:30.0470 0x1d08  HuaweiHiSuiteService64.exe - detected UnsignedFile.Multi.Generic ( 1 )
12:41:30.0579 0x1d08  Detect skipped due to KSN trusted
12:41:30.0579 0x1d08  HuaweiHiSuiteService64.exe - ok
12:41:33.0644 0x1d08  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
12:41:33.0707 0x1d08  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
12:41:33.0879 0x1d08  Detect skipped due to KSN trusted
12:41:33.0894 0x1d08  Intel(R) Capability Licensing Service Interface - ok
12:41:35.0645 0x1d08  iPod Service - ok
12:41:35.0676 0x1d08  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\windows\system32\drivers\irenum.sys
12:41:35.0755 0x1d08  IRENUM - ok
12:41:35.0786 0x1d08  [ 00AD710037F4A4F00CDDD94CBA7BABEA, 234FD60D659D9338C9FA0A54D176840BFDDEEB358DAF67A8B13F7699D442CAC0 ] isapnp          C:\windows\system32\drivers\isapnp.sys
12:41:35.0817 0x1d08  isapnp - ok
12:41:35.0880 0x1d08  [ 6205F494094FC3DB755CB1139917D058, EFD5CBE86D4523F9693E26F78292A52B211B25451B47B26B8C3CBC00B3C86C25 ] iScsiPrt        C:\windows\System32\drivers\msiscsi.sys
12:41:35.0942 0x1d08  iScsiPrt - ok
12:41:35.0973 0x1d08  [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT            C:\windows\System32\drivers\ISCTD64.sys
12:41:35.0989 0x1d08  ISCT - ok
12:41:36.0020 0x1d08  [ 5215D12B13FC2BC7717AA4884846D34F, B97B8FFC6FB212398BF772C08B318411EA70B683B816906F30EF35DEB5B1C130 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
12:41:36.0067 0x1d08  ISCTAgent - ok
12:41:36.0083 0x1d08  [ 2C04ACF9070282AC9AA837C52CA3C128, 2C68FE2E876E5089F27021038E868E21288F694F3ED0390AED5B4712CC7567EC ] iwdbus          C:\windows\System32\drivers\iwdbus.sys
12:41:36.0114 0x1d08  iwdbus - ok
12:41:36.0161 0x1d08  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
12:41:36.0192 0x1d08  jhi_service - ok
12:41:36.0208 0x1d08  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\windows\System32\drivers\kbdclass.sys
12:41:36.0240 0x1d08  kbdclass - ok
12:41:36.0271 0x1d08  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\windows\System32\drivers\kbdhid.sys
12:41:36.0381 0x1d08  kbdhid - ok
12:41:36.0396 0x1d08  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\windows\system32\DRIVERS\kdnic.sys
12:41:36.0506 0x1d08  kdnic - ok
12:41:36.0537 0x1d08  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\windows\system32\lsass.exe
12:41:36.0568 0x1d08  KeyIso - ok
12:41:36.0599 0x1d08  [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
12:41:36.0631 0x1d08  KSecDD - ok
12:41:36.0662 0x1d08  [ A9C617281ECE2711C02F3B7C951A1882, AD871D3C2A9EA9F4D1809C93093EC314DFFFF8CBCD176E96941F26AF9DB7AF4E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
12:41:36.0693 0x1d08  KSecPkg - ok
12:41:36.0709 0x1d08  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
12:41:36.0787 0x1d08  ksthunk - ok
12:41:36.0834 0x1d08  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\windows\system32\msdtckrm.dll
12:41:36.0896 0x1d08  KtmRm - ok
12:41:36.0974 0x1d08  [ B75ADC97905F43C7C946F1465A8697BD, AF50E3F5DBF222DB095B40FD4896650B5F8DD47153CB9A1ADE54D17FCE85C529 ] LanmanServer    C:\windows\system32\srvsvc.dll
12:41:37.0037 0x1d08  LanmanServer - ok
12:41:37.0084 0x1d08  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:41:37.0177 0x1d08  LanmanWorkstation - ok
12:41:37.0302 0x1d08  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\windows\System32\GeofenceMonitorService.dll
12:41:37.0412 0x1d08  lfsvc - ok
12:41:37.0443 0x1d08  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
12:41:37.0584 0x1d08  lltdio - ok
12:41:37.0615 0x1d08  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\windows\System32\lltdsvc.dll
12:41:37.0693 0x1d08  lltdsvc - ok
12:41:37.0724 0x1d08  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\windows\System32\lmhsvc.dll
12:41:37.0771 0x1d08  lmhosts - ok
12:41:37.0849 0x1d08  [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:41:37.0896 0x1d08  LMS - ok
12:41:37.0974 0x1d08  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
12:41:38.0037 0x1d08  LSI_SAS - ok
12:41:38.0052 0x1d08  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
12:41:38.0099 0x1d08  LSI_SAS2 - ok
12:41:38.0131 0x1d08  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\windows\system32\drivers\lsi_sas3.sys
12:41:38.0177 0x1d08  LSI_SAS3 - ok
12:41:38.0193 0x1d08  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\windows\system32\drivers\lsi_sss.sys
12:41:38.0249 0x1d08  LSI_SSS - ok
12:41:38.0313 0x1d08  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\windows\System32\lsm.dll
12:41:38.0454 0x1d08  LSM - ok
12:41:38.0485 0x1d08  [ B0AF753AF28303BB69C67BD85F06FFC9, 6B6805C17BC39F972BB7FF52BDF798B0B57EC5D5F3CE1C97415E86110235C603 ] luafv           C:\windows\system32\drivers\luafv.sys
12:41:38.0642 0x1d08  luafv - ok
12:41:38.0657 0x1d08  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\windows\system32\drivers\megasas.sys
12:41:38.0688 0x1d08  megasas - ok
12:41:38.0751 0x1d08  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\windows\system32\drivers\megasr.sys
12:41:38.0829 0x1d08  megasr - ok
12:41:38.0860 0x1d08  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\windows\system32\DRIVERS\TeeDriverx64.sys
12:41:38.0892 0x1d08  MEIx64 - ok
12:41:38.0923 0x1d08  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\windows\system32\mmcss.dll
12:41:38.0954 0x1d08  MMCSS - ok
12:41:38.0970 0x1d08  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\windows\system32\drivers\modem.sys
12:41:39.0048 0x1d08  Modem - ok
12:41:39.0063 0x1d08  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\windows\System32\drivers\monitor.sys
12:41:39.0220 0x1d08  monitor - ok
12:41:39.0251 0x1d08  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\windows\System32\drivers\mouclass.sys
12:41:39.0282 0x1d08  mouclass - ok
12:41:39.0298 0x1d08  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\windows\System32\drivers\mouhid.sys
12:41:39.0392 0x1d08  mouhid - ok
12:41:39.0423 0x1d08  [ E5E8665272EBCD87A0A632314F0D221D, 37FDC4CEB8E5FC39C10DE875676863D090CFEA708AC3A8415114DCDD94BD7A1D ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
12:41:39.0454 0x1d08  mountmgr - ok
12:41:39.0517 0x1d08  [ 2EDD920BD669C571E3EEFCAAE4FD4C37, D029269D17BC2D2D4B98F331D9F69A973813FBBEF433E260858309D43C09AC09 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:41:39.0595 0x1d08  MozillaMaintenance - ok
12:41:39.0658 0x1d08  [ BF2513029E231BE96D82F7C3ABFF87F4, F6DB64112CC50EEE495E2D7C61B8BDBE757A31B03144B0396615FD38C312824E ] MpKsl31aab2c5   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79D31205-2F6D-4B70-BFC1-D5318EFAC7DE}\MpKsl31aab2c5.sys
12:41:39.0704 0x1d08  MpKsl31aab2c5 - ok
12:41:39.0720 0x1d08  [ 2C8149371222053B82349A6E250900EB, CC6FE69C7B1F9D9EBCCD8568364CD062940962EF42903715CA7F8B877C6B40F7 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
12:41:39.0861 0x1d08  mpsdrv - ok
12:41:39.0939 0x1d08  [ 4D33C8B6159B61C7F13984ED10EA2A82, 2E6B8C104F34BFED3C521062F0F12B8D9B4A602221256C41791932771EB79B2C ] MpsSvc          C:\windows\system32\mpssvc.dll
12:41:40.0079 0x1d08  MpsSvc - ok
12:41:40.0142 0x1d08  [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
12:41:40.0267 0x1d08  MRxDAV - ok
12:41:40.0314 0x1d08  [ CF49856813FFDF2EB251762BB8B675C8, 5976D21C6B0A1FF489B406108DBE6ACDB22D706F437B12F58552A6EAA9D3BFD7 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
12:41:40.0407 0x1d08  mrxsmb - ok
12:41:40.0470 0x1d08  [ AFE6DC2E57E876175BA074AD2CB5594F, 004873302BA0BF1B1359A90A5399915BE00A9ED800F60E477A5AE4682C70A708 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
12:41:40.0595 0x1d08  mrxsmb10 - ok
12:41:40.0626 0x1d08  [ B37B58F9F80A51098C42663D5FA5F2BA, 996E2D8344F0095C136D1670D63A476E6B6F6BBA9DD773EEE5F0FD580562B000 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
12:41:40.0704 0x1d08  mrxsmb20 - ok
12:41:40.0736 0x1d08  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\windows\system32\DRIVERS\bridge.sys
12:41:40.0814 0x1d08  MsBridge - ok
12:41:40.0845 0x1d08  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\windows\System32\msdtc.exe
12:41:40.0892 0x1d08  MSDTC - ok
12:41:40.0923 0x1d08  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\windows\system32\drivers\Msfs.sys
12:41:41.0001 0x1d08  Msfs - ok
12:41:41.0033 0x1d08  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\windows\System32\drivers\msgpiowin32.sys
12:41:41.0064 0x1d08  msgpiowin32 - ok
12:41:41.0079 0x1d08  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
12:41:41.0157 0x1d08  mshidkmdf - ok
12:41:41.0189 0x1d08  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\windows\System32\drivers\mshidumdf.sys
12:41:41.0253 0x1d08  mshidumdf - ok
12:41:41.0284 0x1d08  [ 15552CD43BD9DA6C00659167403D19E6, B93BAE0FB5A132FA3F0218B07284117D424175DB0A69C4FB3E3C2E33F122207F ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
12:41:41.0300 0x1d08  msisadrv - ok
12:41:41.0331 0x1d08  [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
12:41:41.0409 0x1d08  MSiSCSI - ok
12:41:41.0409 0x1d08  msiserver - ok
12:41:41.0440 0x1d08  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
12:41:41.0503 0x1d08  MSKSSRV - ok
12:41:41.0518 0x1d08  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\windows\system32\DRIVERS\mslldp.sys
12:41:41.0706 0x1d08  MsLldp - ok
12:41:41.0722 0x1d08  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
12:41:41.0768 0x1d08  MSPCLOCK - ok
12:41:41.0815 0x1d08  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
12:41:41.0878 0x1d08  MSPQM - ok
12:41:41.0925 0x1d08  [ 493AA78266AA041593DB24155556B8BF, CBAF7FAD5215957D8B8C5956DB423249BB630FCFD03A10B9734E889D594F8EBD ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
12:41:41.0987 0x1d08  MsRPC - ok
12:41:42.0003 0x1d08  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\windows\System32\drivers\mssmbios.sys
12:41:42.0034 0x1d08  mssmbios - ok
12:41:42.0050 0x1d08  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
12:41:42.0112 0x1d08  MSTEE - ok
12:41:42.0144 0x1d08  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\windows\System32\drivers\MTConfig.sys
12:41:42.0206 0x1d08  MTConfig - ok
12:41:42.0237 0x1d08  [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup             C:\windows\system32\Drivers\mup.sys
12:41:42.0268 0x1d08  Mup - ok
12:41:42.0300 0x1d08  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\windows\system32\drivers\mvumis.sys
12:41:42.0331 0x1d08  mvumis - ok
12:41:42.0362 0x1d08  [ FCDCFEDAF3C1D61DE11FA0DE9453699C, 4E79F1040E62B0DEE00F3035DBFE5241A459FE4C1A46337FF13A25FF8C5A64A5 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:41:42.0393 0x1d08  MyWiFiDHCPDNS - ok
12:41:42.0440 0x1d08  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\windows\system32\qagentRT.dll
12:41:42.0518 0x1d08  napagent - ok
12:41:42.0581 0x1d08  [ F3A70F2C79D91B7C95F78E959DEDAD0E, CB1826614D1EEC1C2E8E6F8D2B8DE486CE7AF628DAC6969655E57EC4BAF70C9D ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
12:41:42.0675 0x1d08  NativeWifiP - ok
12:41:42.0737 0x1d08  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\windows\System32\ncasvc.dll
12:41:42.0800 0x1d08  NcaSvc - ok
12:41:42.0862 0x1d08  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\windows\System32\ncbservice.dll
12:41:42.0925 0x1d08  NcbService - ok
12:41:42.0956 0x1d08  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\windows\System32\NcdAutoSetup.dll
12:41:43.0018 0x1d08  NcdAutoSetup - ok
12:41:43.0128 0x1d08  [ FFAA6C6E798FBA448FA7628A1B277F5C, 9E1F2C848A019CE6397F652A21AE43B76149EF95452BB8353249BD9E28D98083 ] NDIS            C:\windows\system32\drivers\ndis.sys
12:41:43.0253 0x1d08  NDIS - ok
12:41:43.0300 0x1d08  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
12:41:43.0378 0x1d08  NdisCap - ok
12:41:43.0409 0x1d08  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\windows\system32\DRIVERS\NdisImPlatform.sys
12:41:43.0534 0x1d08  NdisImPlatform - ok
12:41:43.0550 0x1d08  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
12:41:43.0675 0x1d08  NdisTapi - ok
12:41:43.0690 0x1d08  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
12:41:43.0768 0x1d08  Ndisuio - ok
12:41:43.0800 0x1d08  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\windows\System32\drivers\NdisVirtualBus.sys
12:41:43.0909 0x1d08  NdisVirtualBus - ok
12:41:43.0956 0x1d08  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
12:41:44.0112 0x1d08  NdisWan - ok
12:41:44.0128 0x1d08  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy   C:\windows\system32\DRIVERS\ndiswan.sys
12:41:44.0175 0x1d08  NdisWanLegacy - ok
12:41:44.0206 0x1d08  [ 4F5178EEF4CC259F0A8CF56C2F16ADDB, 1940275E4AB0A863B146736A189F797EE06841DD74376AF6E09033FB1EEB6643 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
12:41:44.0316 0x1d08  NDProxy - ok
12:41:44.0347 0x1d08  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\windows\system32\drivers\Ndu.sys
12:41:44.0456 0x1d08  Ndu - ok
12:41:44.0472 0x1d08  [ AD6A78E25BBC916354753A500C4E73C8, 52D10B07CA52B90E6934EC8916715B1BA78711A12600980A3A7A16EA5408F99A ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
12:41:44.0581 0x1d08  NetBIOS - ok
12:41:44.0613 0x1d08  [ 0FE750800DEEE91D22399D081371BA79, 7E1E01A5D5BAE68F975070D1676BD830ADF010E42A8046D4074D17B710230CD9 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
12:41:44.0753 0x1d08  NetBT - ok
12:41:44.0769 0x1d08  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\windows\system32\lsass.exe
12:41:44.0800 0x1d08  Netlogon - ok
12:41:44.0831 0x1d08  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\windows\System32\netman.dll
12:41:44.0894 0x1d08  Netman - ok
12:41:44.0972 0x1d08  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\windows\System32\netprofmsvc.dll
12:41:45.0066 0x1d08  netprofm - ok
12:41:45.0113 0x1d08  [ C986B84B68DDA3EECB65F4C330175522, 8F40D3F90BC61FC57BEA66280FF30DEFB1F37F53636992B1C61D01465684BB39 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:41:45.0160 0x1d08  NetTcpPortSharing - ok
12:41:45.0191 0x1d08  [ 39935F3D3582A8B3387E9A2ED4C85413, 4B0629CA22B9AEF90425991BC800043DBE18007AC90445809A8D5D122B41218D ] netvsc          C:\windows\System32\drivers\netvsc63.sys
12:41:45.0332 0x1d08  netvsc - ok
12:41:45.0692 0x1d08  [ B6EDB4D2BA55CA06FF679FA4B885B1F4, 3A5E509B52216DEFBEDE2CA35C77A2AB8114E41D702765F6712DD8D24B394826 ] NETwNb64        C:\windows\system32\DRIVERS\NETwbw02.sys
12:41:46.0161 0x1d08  NETwNb64 - ok
12:41:46.0646 0x1d08  [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64        C:\windows\system32\DRIVERS\NETwew02.sys
12:41:47.0161 0x1d08  NETwNe64 - ok
12:41:47.0255 0x1d08  [ A0D7A655BC61C2421CB33F3A1CD97B8A, EF87D3CDB01789195E83FB629B0871ED03211C624BCF814260D86DDA57BD9B33 ] NlaSvc          C:\windows\System32\nlasvc.dll
12:41:47.0333 0x1d08  NlaSvc - ok
12:41:47.0364 0x1d08  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\windows\system32\drivers\Npfs.sys
12:41:47.0458 0x1d08  Npfs - ok
12:41:47.0474 0x1d08  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\windows\System32\drivers\npsvctrig.sys
12:41:47.0583 0x1d08  npsvctrig - ok
12:41:47.0599 0x1d08  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\windows\system32\nsisvc.dll
12:41:47.0646 0x1d08  nsi - ok
12:41:47.0677 0x1d08  [ 018510D88536798852DAE12F9BA6E138, C0D89C36F8737FD139CEA80BED65D1DB4248E667804645FF71C39BA92FEC4109 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
12:41:47.0786 0x1d08  nsiproxy - ok
12:41:48.0036 0x1d08  [ 9E60AD04B25D39986599D4397FD96FF8, F4004443A7982EDE01F6069F0601BBAB452B62F1D1F954AFFDA2FE8DA13BFCE5 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
12:41:48.0259 0x1d08  Ntfs - ok
12:41:48.0306 0x1d08  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\windows\system32\drivers\Null.sys
12:41:48.0384 0x1d08  Null - ok
12:41:48.0447 0x1d08  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\windows\system32\drivers\nvraid.sys
12:41:48.0478 0x1d08  nvraid - ok
12:41:48.0509 0x1d08  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
12:41:48.0541 0x1d08  nvstor - ok
12:41:48.0572 0x1d08  [ 9D1D5F4A66790A6B6B83B49497DB7A9F, CEFB57674BB681A0F446307E6D10D141DC2F5C5650A481FCF4D7FA877F421D0B ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
12:41:48.0603 0x1d08  nv_agp - ok
12:41:48.0697 0x1d08  [ 0EEC96B0A5E87A5A4A9D37F8C1CEC929, E46C6B4C0E9ADBF4CB3F837C1AAE21BE574A14E1C1422AECB81A6571E5B68D5A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:41:48.0900 0x1d08  ose - ok
12:41:48.0963 0x1d08  [ B0D4F47A4D74F6E6A3FF6B2D109D6734, B34F0AF0EAE3A39FCE8BF3871310A7308E2C0BEF3E2F4CAB5852F8D2B2A8B457 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
12:41:49.0072 0x1d08  p2pimsvc - ok
12:41:49.0119 0x1d08  [ 0B100C336809C1D7DBD108A75DAFFEF5, F8E5B7EBB5F751FD5BBBD0A5CE5CD60F2EE32CC75EFA68DAAD17E2B26B71AF4E ] p2psvc          C:\windows\system32\p2psvc.dll
12:41:49.0228 0x1d08  p2psvc - ok
12:41:49.0291 0x1d08  [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport         C:\windows\System32\drivers\parport.sys
12:41:49.0509 0x1d08  Parport - ok
12:41:49.0541 0x1d08  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\windows\system32\drivers\partmgr.sys
12:41:49.0572 0x1d08  partmgr - ok
12:41:49.0666 0x1d08  [ 10D35971E29936AE422A9C728014E761, 7B1547312663D50D72B76A7C13A01E532F41132A8E108AF5C6C086B456C86ACA ] PcaSvc          C:\windows\System32\pcasvc.dll
12:41:49.0775 0x1d08  PcaSvc - ok
12:41:49.0822 0x1d08  [ 9C1015B033ABDFC59584F480207AECDD, 288011A1F5A6C6D530122210EF3CAD09DF0BDA15E490CD5C52209037B3A0714F ] pci             C:\windows\system32\drivers\pci.sys
12:41:49.0884 0x1d08  pci - ok
12:41:49.0916 0x1d08  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\windows\system32\drivers\pciide.sys
12:41:49.0931 0x1d08  pciide - ok
12:41:49.0978 0x1d08  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
12:41:50.0009 0x1d08  pcmcia - ok
12:41:50.0041 0x1d08  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\windows\system32\drivers\pcw.sys
12:41:50.0072 0x1d08  pcw - ok
12:41:50.0103 0x1d08  [ E6B3ACBA06BAF48594557FCCBFA66FD2, 44A0FAC6169D9130870456DEFBFFE563FCCC4AD7A9754B455D5A1C1A77F0699D ] pdc             C:\windows\system32\drivers\pdc.sys
12:41:50.0134 0x1d08  pdc - ok
12:41:50.0197 0x1d08  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
12:41:50.0400 0x1d08  PEAUTH - ok
12:41:50.0478 0x1d08  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\windows\SysWow64\perfhost.exe
12:41:50.0728 0x1d08  PerfHost - ok
12:41:50.0838 0x1d08  [ 64351455DF585673FECA37136BC8CBAC, 41376D69CD5F241F27E4F1B2FF06056DB5551C62393DD5FC357B38CC61677EFE ] PGService       C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
12:41:50.0869 0x1d08  PGService - ok
12:41:50.0916 0x1d08  [ 29D2ADBA0F22B82D7B1C502A26558C7B, C0280D99614DE2490413ED6DB06CFBD0480766D0F7173DEEBCA6AE8D2CB111F7 ] PG_Service_Launcher C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
12:41:50.0963 0x1d08  PG_Service_Launcher - ok
12:41:51.0103 0x1d08  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\windows\system32\pla.dll
12:41:51.0261 0x1d08  pla - ok
12:41:51.0308 0x1d08  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\windows\system32\umpnpmgr.dll
12:41:51.0354 0x1d08  PlugPlay - ok
12:41:51.0386 0x1d08  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
12:41:51.0464 0x1d08  PNRPAutoReg - ok
12:41:51.0511 0x1d08  [ B0D4F47A4D74F6E6A3FF6B2D109D6734, B34F0AF0EAE3A39FCE8BF3871310A7308E2C0BEF3E2F4CAB5852F8D2B2A8B457 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
12:41:51.0573 0x1d08  PNRPsvc - ok
12:41:51.0636 0x1d08  [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
12:41:51.0745 0x1d08  PolicyAgent - ok
12:41:51.0761 0x1d08  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\windows\system32\umpo.dll
12:41:51.0808 0x1d08  Power - ok
12:41:51.0854 0x1d08  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
12:41:51.0995 0x1d08  PptpMiniport - ok
12:41:52.0294 0x1d08  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll
12:41:52.0825 0x1d08  PrintNotify - ok
12:41:52.0872 0x1d08  [ 400E95F70BC0336D206139C930C3F7F6, 50D40C9E4B4BAEC25067B0A4E55A8FE0CEF6C6B66BDBAE62BBDB5A02C62DDF7E ] Processor       C:\windows\System32\drivers\processr.sys
12:41:52.0966 0x1d08  Processor - ok
12:41:52.0997 0x1d08  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\windows\system32\profsvc.dll
12:41:53.0091 0x1d08  ProfSvc - ok
12:41:53.0122 0x1d08  [ DEF4D00D1E55B1E29138A1541D0B82D3, CB042B49BA34F501CAD5AE1277EBFC34BD7BC01C1251811733901566880FF280 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
12:41:53.0231 0x1d08  Psched - ok
12:41:53.0263 0x1d08  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio         C:\windows\system32\pwdrvio.sys
12:41:53.0294 0x1d08  pwdrvio - ok
12:41:53.0310 0x1d08  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio         C:\windows\system32\pwdspio.sys
12:41:53.0341 0x1d08  pwdspio - ok
12:41:53.0388 0x1d08  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\windows\system32\qwave.dll
12:41:53.0466 0x1d08  QWAVE - ok
12:41:53.0497 0x1d08  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
12:41:53.0575 0x1d08  QWAVEdrv - ok
12:41:53.0591 0x1d08  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
12:41:53.0685 0x1d08  RasAcd - ok
12:41:53.0732 0x1d08  [ D5ECE7E7F349EB3C4B152AFF3577280D, 3A5D3E440D1ED72D654BBFE30A73667F055C0AD04375C22C202F21BF75B612B2 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
12:41:53.0857 0x1d08  RasAgileVpn - ok
12:41:53.0904 0x1d08  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\windows\System32\rasauto.dll
12:41:53.0966 0x1d08  RasAuto - ok
12:41:54.0013 0x1d08  [ 235624C147E3CB4C288D5D3D8E8D64A2, B3F182019DBAD9C761FE9F62EAED34AD5902B41A13A766D814FC3E2EA29D8D92 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
12:41:54.0138 0x1d08  Rasl2tp - ok
12:41:54.0216 0x1d08  [ 0A655DD285E4E1E2975CEAB8FDE75295, 023B73A71CB48578702548F8F1096BDF72BE09D836F2D324DDA869E4F0354133 ] RasMan          C:\windows\System32\rasmans.dll
12:41:54.0310 0x1d08  RasMan - ok
12:41:54.0341 0x1d08  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
12:41:54.0419 0x1d08  RasPppoe - ok
12:41:54.0451 0x1d08  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
12:41:54.0591 0x1d08  RasSstp - ok
12:41:54.0638 0x1d08  [ 3560C2D5A5DAC09BF81F5C5CD0029192, BF07AE75CAC322304024AF2385034847F18615439894306CC96D3F6F3C088CB5 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
12:41:54.0747 0x1d08  rdbss - ok
12:41:54.0779 0x1d08  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\windows\System32\drivers\rdpbus.sys
12:41:54.0904 0x1d08  rdpbus - ok
12:41:54.0935 0x1d08  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
12:41:55.0154 0x1d08  RDPDR - ok
12:41:55.0216 0x1d08  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
12:41:55.0232 0x1d08  RdpVideoMiniport - ok
12:41:55.0279 0x1d08  [ 468F9F3886DD3320357ECDBFF838DBBF, B8A8198A3D7CF19D662718AC9D33AD3722D179DA88D9F3FCFFB67AAA3F95C153 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
12:41:55.0326 0x1d08  rdyboost - ok
12:41:55.0404 0x1d08  [ D6B1EC83A1C6B7E49074429F0E0B3A6A, A1D61E8AAFE731EECD78865102707F65C62CF1B5A45F811C877EBC72939C8202 ] ReFS            C:\windows\system32\drivers\ReFS.sys
12:41:55.0529 0x1d08  ReFS - ok
12:41:55.0607 0x1d08  [ 5B1F724CBCA8E08DC9D4C158C9BC1C1C, D5B170CF4B5420213130E151AFBBD9B84C5F7E710F5F67066E07095DEC1BD4B9 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:41:55.0623 0x1d08  RegSrvc - ok
12:41:55.0685 0x1d08  [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess    C:\windows\System32\mprdim.dll
12:41:55.0748 0x1d08  RemoteAccess - ok
12:41:55.0779 0x1d08  [ 7594FEFBAD6BA4645CE7AA175C19BAD0, 32625BA39B905576F0465E261F15D222ED228A19071E3A1BC4286B5FECA0F948 ] RemoteRegistry  C:\windows\system32\regsvc.dll
12:41:55.0857 0x1d08  RemoteRegistry - ok
12:41:55.0888 0x1d08  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\windows\System32\drivers\rfcomm.sys
12:41:55.0998 0x1d08  RFCOMM - ok
12:41:56.0045 0x1d08  [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
12:41:56.0107 0x1d08  RichVideo64 - ok
12:41:56.0123 0x1d08  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
12:41:56.0201 0x1d08  RpcEptMapper - ok
12:41:56.0201 0x1d08  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\windows\system32\locator.exe
12:41:56.0279 0x1d08  RpcLocator - ok
12:41:56.0357 0x1d08  [ 2928249E4DD39C2ADD3E74F02427AB8B, E331028A55FFFD753BC09163F25765AA67B1FE55BD0EB2803CC50D841E14BDA6 ] RpcSs           C:\windows\system32\rpcss.dll
12:41:56.0451 0x1d08  RpcSs - ok
12:41:56.0467 0x1d08  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
12:41:56.0561 0x1d08  rspndr - ok
12:41:56.0639 0x1d08  [ 948D5E71CF9DB59961353A355EA45139, A23D012B07A92CC217C67C904CDFBA2BCCDCC2BD49B24FB694BD230D000F2B7B ] RTL8168         C:\windows\system32\DRIVERS\Rt630x64.sys
12:41:56.0717 0x1d08  RTL8168 - ok
12:41:56.0779 0x1d08  [ D1255851605A6FBFC5D740152D7FEEA3, 3780D3CD521176850E080A0541201C43ED9E84E2EC7D355DA317CCA491913194 ] RTSPER          C:\windows\system32\DRIVERS\RtsPer.sys
12:41:56.0826 0x1d08  RTSPER - ok
12:41:57.0639 0x1d08  [ D72F22971F0F492BE045EBAB0C79177D, 984B161880226440B5BF09478C783543C242CA995E56074229385E88FF87399A ] rtsuvc          C:\windows\system32\DRIVERS\rtsuvc.sys
12:41:58.0483 0x1d08  rtsuvc - ok
12:41:58.0530 0x1d08  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\windows\System32\drivers\vms3cap.sys
12:41:58.0608 0x1d08  s3cap - ok
12:41:58.0655 0x1d08  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\windows\system32\lsass.exe
12:41:58.0686 0x1d08  SamSs - ok
12:41:58.0717 0x1d08  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
12:41:58.0749 0x1d08  sbp2port - ok
12:41:58.0795 0x1d08  [ 305B725E3FC1936162FE84A0BB526F22, 341E311BAF071F630E277BA41629883D5F8DB76E820425AB898BAC13D09971DC ] SCardSvr        C:\windows\System32\SCardSvr.dll
12:41:58.0842 0x1d08  SCardSvr - ok
12:41:58.0905 0x1d08  [ 92D2FA1870F4EB4A9BA767DB6E0DEF6F, AB019E17D5F330CBB7F7CAF8CEB01F3F3DBBB181CDE19E4C2354AF51E66C8291 ] ScDeviceEnum    C:\windows\System32\ScDeviceEnum.dll
12:41:58.0952 0x1d08  ScDeviceEnum - ok
12:41:58.0967 0x1d08  [ DEA731D96816F1F67C32F49E4EF248DD, 6A977D80164616A85BDAE437A3D50E055720E3163941259F19E8719F54BE267D ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
12:41:59.0045 0x1d08  scfilter - ok
12:41:59.0170 0x1d08  [ F5523FFAFFCE7937D076E4FE6F5BD9AD, 42B08D5B54C07331D3754688878122F9CD9C7C9253C5ED8C3185C4BF6F68D847 ] Schedule        C:\windows\system32\schedsvc.dll
12:41:59.0295 0x1d08  Schedule - ok
12:41:59.0342 0x1d08  [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] SCPolicySvc     C:\windows\System32\certprop.dll
12:41:59.0374 0x1d08  SCPolicySvc - ok
12:41:59.0420 0x1d08  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\windows\System32\drivers\sdbus.sys
12:41:59.0467 0x1d08  sdbus - ok
12:41:59.0514 0x1d08  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\windows\System32\drivers\sdstor.sys
12:41:59.0545 0x1d08  sdstor - ok
12:41:59.0561 0x1d08  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
12:41:59.0717 0x1d08  secdrv - ok
12:41:59.0749 0x1d08  [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon        C:\windows\system32\seclogon.dll
12:41:59.0858 0x1d08  seclogon - ok
12:41:59.0920 0x1d08  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\windows\System32\sens.dll
12:42:00.0045 0x1d08  SENS - ok
12:42:00.0108 0x1d08  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
12:42:00.0233 0x1d08  SensrSvc - ok
12:42:00.0249 0x1d08  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\windows\system32\drivers\SerCx.sys
12:42:00.0281 0x1d08  SerCx - ok
12:42:00.0312 0x1d08  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\windows\system32\drivers\SerCx2.sys
12:42:00.0359 0x1d08  SerCx2 - ok
12:42:00.0375 0x1d08  [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum         C:\windows\System32\drivers\serenum.sys
12:42:00.0484 0x1d08  Serenum - ok
12:42:00.0531 0x1d08  [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial          C:\windows\System32\drivers\serial.sys
12:42:00.0609 0x1d08  Serial - ok
12:42:00.0640 0x1d08  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\windows\System32\drivers\sermouse.sys
12:42:00.0703 0x1d08  sermouse - ok
12:42:00.0781 0x1d08  [ 624BB76941938B9F5776DEA56004D33E, D4EE7A23665D71646622D477CA962335B4C17BAC931A728122DF8C112CD5A560 ] SessionEnv      C:\windows\system32\sessenv.dll
12:42:00.0890 0x1d08  SessionEnv - ok
12:42:00.0922 0x1d08  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\windows\System32\drivers\sfloppy.sys
12:42:01.0000 0x1d08  sfloppy - ok
12:42:01.0109 0x1d08  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\windows\System32\ipnathlp.dll
12:42:01.0172 0x1d08  SharedAccess - ok
12:42:01.0265 0x1d08  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:42:01.0375 0x1d08  ShellHWDetection - ok
12:42:01.0406 0x1d08  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
12:42:01.0437 0x1d08  SiSRaid2 - ok
12:42:01.0453 0x1d08  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
12:42:01.0484 0x1d08  SiSRaid4 - ok
12:42:01.0515 0x1d08  [ 2458D9FA17F51A458463CF0A4D3FC238, 9CB160C391C24229FF068A56E6B0AD7869FBDAF254B9B30497FAE3443AC19FC3 ] SmbDrvI         C:\windows\system32\DRIVERS\Smb_driver_Intel.sys
12:42:01.0531 0x1d08  SmbDrvI - ok
12:42:01.0547 0x1d08  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\windows\System32\smphost.dll
12:42:01.0656 0x1d08  smphost - ok
12:42:01.0750 0x1d08  [ 961507DB02D7AC0B7A7828D457143B8E, F423BE6287C65960A955EBB3BFBAC047313BEB2F54920A6E57E51FCCE855F5E0 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
12:42:01.0843 0x1d08  SNMPTRAP - ok
12:42:01.0937 0x1d08  [ F6AF6499C3788105EA7AF1DA27769A77, F847789B0AD498CC9C985F334F7BA0906ACB41FB356CC2EF2A00C62C75D94A79 ] spaceport       C:\windows\system32\drivers\spaceport.sys
12:42:02.0031 0x1d08  spaceport - ok
12:42:02.0062 0x1d08  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\windows\system32\drivers\SpbCx.sys
12:42:02.0093 0x1d08  SpbCx - ok
12:42:02.0234 0x1d08  [ 851F06253BED584E39F5126EB5C2D6DD, 5144AA4C45598B0749D4F2CF477BB8E9B75DFB858385888E31E703B7C8FB6463 ] Spooler         C:\windows\System32\spoolsv.exe
12:42:02.0359 0x1d08  Spooler - ok
12:42:02.0843 0x1d08  [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc          C:\windows\system32\sppsvc.exe
12:42:03.0659 0x1d08  sppsvc - ok
12:42:03.0722 0x1d08  [ CA62440584866C8435AF39E70C8CDDDD, 8B4C6AF1CFD628632D20C17D4D64C70BA6609382E416007DE28E542C5E5C8798 ] srv             C:\windows\system32\DRIVERS\srv.sys
12:42:03.0847 0x1d08  srv - ok
12:42:03.0925 0x1d08  [ C62A74CAF963057C3A98083D1177DA50, DCA30352D472F6DF4AB2F0BE30D321060584F58CB043B7EBF223538CF0C48BEA ] srv2            C:\windows\system32\DRIVERS\srv2.sys
12:42:04.0097 0x1d08  srv2 - ok
12:42:04.0128 0x1d08  [ 09F76E4F5B3B37474A2F49CC6F94B39A, D0ADDF3E5BBF7D6CB6B01430FA4D8C7E15CFE7356877604B40AAA944CB35970C ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
12:42:04.0269 0x1d08  srvnet - ok
12:42:04.0316 0x1d08  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
12:42:04.0362 0x1d08  SSDPSRV - ok
12:42:04.0409 0x1d08  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\windows\system32\sstpsvc.dll
12:42:04.0456 0x1d08  SstpSvc - ok
12:42:04.0472 0x1d08  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\windows\system32\drivers\stexstor.sys
12:42:04.0503 0x1d08  stexstor - ok
12:42:04.0534 0x1d08  [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
12:42:04.0612 0x1d08  StillCam - ok
12:42:04.0675 0x1d08  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\windows\System32\wiaservc.dll
12:42:04.0784 0x1d08  stisvc - ok
12:42:04.0816 0x1d08  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\windows\system32\drivers\storahci.sys
12:42:04.0862 0x1d08  storahci - ok
12:42:04.0878 0x1d08  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
12:42:04.0909 0x1d08  storflt - ok
12:42:04.0941 0x1d08  [ 1D5A045F59D216448FCDE3A8D69970E2, CEDEB0843D93339D10FE4BC209CCFCB6E12C6064FD62694DA7675082E8B8C915 ] stornvme        C:\windows\system32\drivers\stornvme.sys
12:42:04.0972 0x1d08  stornvme - ok
12:42:05.0003 0x1d08  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\windows\system32\storsvc.dll
12:42:05.0097 0x1d08  StorSvc - ok
12:42:05.0097 0x1d08  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\windows\system32\drivers\storvsc.sys
12:42:05.0128 0x1d08  storvsc - ok
12:42:05.0144 0x1d08  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\windows\system32\svsvc.dll
12:42:05.0191 0x1d08  svsvc - ok
12:42:05.0206 0x1d08  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\windows\System32\drivers\swenum.sys
12:42:05.0237 0x1d08  swenum - ok
12:42:05.0331 0x1d08  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\windows\System32\swprv.dll
12:42:05.0409 0x1d08  swprv - ok
12:42:05.0472 0x1d08  [ ECC3E50A419EABCE700D3E956495E08C, FBC8E365BE88D37553E0C670984CAE0F3FE0A51B5EDBF627315F6FEBF23BBFC1 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
12:42:05.0534 0x1d08  SynTP - ok
12:42:05.0644 0x1d08  [ 0404A539EC3D731EE42632AAFFF0666A, 5558B96C9A425ADEC69A020E0FEDB6D7562A60E403A2ECDCE58CAF2CA155549F ] SysMain         C:\windows\system32\sysmain.dll
12:42:05.0769 0x1d08  SysMain - ok
12:42:05.0800 0x1d08  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
12:42:05.0878 0x1d08  SystemEventsBroker - ok
12:42:05.0956 0x1d08  [ 54A1F83B166F1062000A0D816CB3B43A, 8A104B2141546984CFB988CC178EB1910F6B42A19CB75A30F4E74D5EE67901EB ] TabletInputService C:\windows\System32\TabSvc.dll
12:42:06.0050 0x1d08  TabletInputService - ok
12:42:06.0081 0x1d08  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\windows\System32\tapisrv.dll
12:42:06.0159 0x1d08  TapiSrv - ok
12:42:06.0331 0x1d08  [ CB10F295128E551C0631C1459752BEDB, EFD2BC496D4F78C301DFCBA5210BB9BF99B6124AD519E4DED366023EA59EB950 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
12:42:06.0581 0x1d08  Tcpip - ok
12:42:06.0769 0x1d08  [ CB10F295128E551C0631C1459752BEDB, EFD2BC496D4F78C301DFCBA5210BB9BF99B6124AD519E4DED366023EA59EB950 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
12:42:06.0987 0x1d08  TCPIP6 - ok
12:42:07.0034 0x1d08  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
12:42:07.0112 0x1d08  tcpipreg - ok
12:42:07.0144 0x1d08  [ 576FA545FAB846B06E79B324160DE25C, 14F1FD2769E7F5362E6452CA061564EF3DEBFDF6BC8EFF0CD4E22068A460A727 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
12:42:07.0270 0x1d08  tdx - ok
12:42:07.0285 0x1d08  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\windows\System32\drivers\terminpt.sys
12:42:07.0317 0x1d08  terminpt - ok
12:42:07.0426 0x1d08  [ 680396E9E1FA365C80CA470BEB7CEECF, C51E5E5EAD08E2CED701464C4030DD161877F9A291BC8BF12AF7A0358DCA1886 ] TermService     C:\windows\System32\termsrv.dll
12:42:07.0535 0x1d08  TermService - ok
12:42:07.0567 0x1d08  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\windows\system32\themeservice.dll
12:42:07.0614 0x1d08  Themes - ok
12:42:07.0645 0x1d08  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\windows\system32\mmcss.dll
12:42:07.0692 0x1d08  THREADORDER - ok
12:42:07.0739 0x1d08  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\windows\System32\TimeBrokerServer.dll
12:42:07.0817 0x1d08  TimeBroker - ok
12:42:07.0864 0x1d08  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\windows\system32\drivers\tpm.sys
12:42:07.0895 0x1d08  TPM - ok
12:42:07.0926 0x1d08  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\windows\System32\trkwks.dll
12:42:07.0989 0x1d08  TrkWks - ok
12:42:08.0004 0x1d08  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:42:08.0051 0x1d08  TrustedInstaller - ok
12:42:08.0145 0x1d08  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
12:42:08.0348 0x1d08  TsUsbFlt - ok
12:42:08.0379 0x1d08  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\windows\System32\drivers\TsUsbGD.sys
12:42:08.0489 0x1d08  TsUsbGD - ok
12:42:08.0520 0x1d08  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
12:42:08.0723 0x1d08  tunnel - ok
12:42:08.0739 0x1d08  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\windows\system32\drivers\uagp35.sys
12:42:08.0785 0x1d08  uagp35 - ok
12:42:08.0832 0x1d08  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\windows\System32\drivers\uaspstor.sys
12:42:08.0879 0x1d08  UASPStor - ok
12:42:08.0910 0x1d08  [ 42FF91AAAFB5BFA7FE0F5A31E8D83AE3, 11D4EF275357BB69F9431F9B24A5524A631D65610F8128F68290C6E839009BE2 ] UCX01000        C:\windows\System32\drivers\ucx01000.sys
12:42:09.0004 0x1d08  UCX01000 - ok
12:42:09.0082 0x1d08  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\windows\system32\DRIVERS\udfs.sys
12:42:09.0239 0x1d08  udfs - ok
12:42:09.0274 0x1d08  [ 5DFA6081BE0AE39EA5B3A38CAC6A961F, D2EC133CF68E794225DE4FAB678F9FECD20D82EC7539A450769076BA57C1914F ] UEFI            C:\windows\System32\drivers\UEFI.sys
12:42:09.0305 0x1d08  UEFI - ok
12:42:09.0352 0x1d08  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\windows\system32\UI0Detect.exe
12:42:09.0445 0x1d08  UI0Detect - ok
12:42:09.0508 0x1d08  [ 4EF2D1DCFFC75ADFFFDD471BD9EBEDCC, 9B47DB34537B08D2F934C5FA0503B3441F718F0F8CEDF2483F77C684BD2D63E5 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
12:42:09.0539 0x1d08  uliagpkx - ok
12:42:09.0586 0x1d08  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\windows\System32\drivers\umbus.sys
12:42:09.0680 0x1d08  umbus - ok
12:42:09.0711 0x1d08  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\windows\System32\drivers\umpass.sys
12:42:09.0836 0x1d08  UmPass - ok
12:42:09.0899 0x1d08  [ 87743CF5FF2FB3F2B424F0D8DFF8FD8C, C14C979612426D4449274C109FCF25D3BE170DC5CD7EF8E230C7E8D5681904D3 ] UmRdpService    C:\windows\System32\umrdp.dll
12:42:10.0024 0x1d08  UmRdpService - ok
12:42:10.0102 0x1d08  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\windows\System32\upnphost.dll
12:42:10.0180 0x1d08  upnphost - ok
12:42:10.0227 0x1d08  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\windows\System32\Drivers\usbaapl64.sys
12:42:10.0445 0x1d08  USBAAPL64 - ok
12:42:10.0477 0x1d08  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
12:42:10.0602 0x1d08  usbaudio - ok
12:42:10.0664 0x1d08  [ 621317D14B93CBFBD5694767EFB6B40A, 84D3F4AA2CAFA11DF5EAD178889ACCAA2FF50D48AFE9518F63FBB862928630FB ] usbccgp         C:\windows\System32\drivers\usbccgp.sys
12:42:10.0758 0x1d08  usbccgp - ok
12:42:10.0789 0x1d08  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\windows\System32\drivers\usbcir.sys
12:42:10.0930 0x1d08  usbcir - ok
12:42:10.0977 0x1d08  [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci         C:\windows\System32\drivers\usbehci.sys
12:42:11.0008 0x1d08  usbehci - ok
12:42:11.0055 0x1d08  [ E30B159760053C5A1297D2CD08046CD7, E45472CEEC31616DBE2B38C4FD9B90179ED7FF29041F21FB124334B4A53AE48C ] usbhub          C:\windows\System32\drivers\usbhub.sys
12:42:11.0133 0x1d08  usbhub - ok
12:42:11.0295 0x1d08  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\windows\System32\drivers\UsbHub3.sys
12:42:11.0404 0x1d08  USBHUB3 - ok
12:42:11.0436 0x1d08  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\windows\System32\drivers\usbohci.sys
12:42:11.0592 0x1d08  usbohci - ok
12:42:11.0608 0x1d08  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\windows\System32\drivers\usbprint.sys
12:42:11.0795 0x1d08  usbprint - ok
12:42:11.0858 0x1d08  [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR         C:\windows\System32\drivers\USBSTOR.SYS
12:42:11.0920 0x1d08  USBSTOR - ok
12:42:11.0936 0x1d08  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\windows\System32\drivers\usbuhci.sys
12:42:12.0061 0x1d08  usbuhci - ok
12:42:12.0108 0x1d08  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
12:42:12.0342 0x1d08  usbvideo - ok
12:42:12.0404 0x1d08  [ 3413BCA17155F82614A3F18518923475, A3C8FAB425CDC088CE9CC33A23B242291469C17848B8BE8DDEAC276905F7BAA4 ] USBXHCI         C:\windows\System32\drivers\USBXHCI.SYS
12:42:12.0467 0x1d08  USBXHCI - ok
12:42:12.0498 0x1d08  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\windows\system32\lsass.exe
12:42:12.0545 0x1d08  VaultSvc - ok
12:42:12.0561 0x1d08  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
12:42:12.0592 0x1d08  vdrvroot - ok
12:42:12.0733 0x1d08  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\windows\System32\vds.exe
12:42:12.0904 0x1d08  vds - ok
12:42:12.0951 0x1d08  [ F7579733F4E8FF9B534C3F7D38F25C2C, 449FED49F2178D2A8000549B180606D050751762F53E600C13CFBEC91601DE87 ] VeriFaceSrv     C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
12:42:13.0045 0x1d08  VeriFaceSrv - ok
12:42:13.0061 0x1d08  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\windows\system32\drivers\VerifierExt.sys
12:42:13.0108 0x1d08  VerifierExt - ok
12:42:13.0139 0x1d08  [ E4DA1D85CCCB610DFF0C0E116900E17F, 874EB88B9E2743654094F04AB04C254BBDFBCDECBB200514E73F696098B847F3 ] vflt            C:\windows\system32\DRIVERS\vfilter.sys
12:42:13.0217 0x1d08  vflt - detected UnsignedFile.Multi.Generic ( 1 )
12:42:13.0359 0x1d08  Detect skipped due to KSN trusted
12:42:13.0359 0x1d08  vflt - ok
12:42:13.0452 0x1d08  [ 8ABB4BABF59F092DF0B43778D8FD1884, 94C2100CE86448543A8DD586AD4A128AB9EB37959238D70F33EF59202270AC6C ] vhdmp           C:\windows\System32\drivers\vhdmp.sys
12:42:13.0546 0x1d08  vhdmp - ok
12:42:13.0562 0x1d08  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\windows\system32\drivers\viaide.sys
12:42:13.0593 0x1d08  viaide - ok
12:42:13.0609 0x1d08  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\windows\system32\drivers\vmbus.sys
12:42:13.0640 0x1d08  vmbus - ok
12:42:13.0671 0x1d08  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\windows\System32\drivers\VMBusHID.sys
12:42:13.0749 0x1d08  VMBusHID - ok
12:42:13.0796 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\windows\System32\ICSvc.dll
12:42:13.0890 0x1d08  vmicguestinterface - ok
12:42:13.0921 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\windows\System32\ICSvc.dll
12:42:13.0983 0x1d08  vmicheartbeat - ok
12:42:14.0046 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\windows\System32\ICSvc.dll
12:42:14.0109 0x1d08  vmickvpexchange - ok
12:42:14.0171 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\windows\System32\ICSvc.dll
12:42:14.0234 0x1d08  vmicrdv - ok
12:42:14.0282 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\windows\System32\ICSvc.dll
12:42:14.0345 0x1d08  vmicshutdown - ok
12:42:14.0392 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\windows\System32\ICSvc.dll
12:42:14.0454 0x1d08  vmictimesync - ok
12:42:14.0485 0x1d08  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\windows\System32\ICSvc.dll
12:42:14.0548 0x1d08  vmicvss - ok
12:42:14.0579 0x1d08  [ A99CA064AD11266FE7067A79BF78BBB5, B5AFFBA1A9A6E51639A89B9F6C0678E70F73D2BF37D5F88F4AD45DFC6798597D ] vnet            C:\windows\system32\DRIVERS\virtualnet.sys
12:42:14.0626 0x1d08  vnet - detected UnsignedFile.Multi.Generic ( 1 )
12:42:14.0829 0x1d08  Detect skipped due to KSN trusted
12:42:14.0829 0x1d08  vnet - ok
12:42:14.0860 0x1d08  [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr          C:\windows\system32\drivers\volmgr.sys
12:42:14.0892 0x1d08  volmgr - ok
12:42:14.0970 0x1d08  [ 7DD4EAE2E680948D9AFF3E1B5234C1D3, 7B893CEF2B72458F5C716C811A24E4A8856E12E2AC9F551606A64B59C9DCF272 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
12:42:15.0032 0x1d08  volmgrx - ok
12:42:15.0095 0x1d08  [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap         C:\windows\system32\drivers\volsnap.sys
12:42:15.0157 0x1d08  volsnap - ok
12:42:15.0173 0x1d08  [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci            C:\windows\System32\drivers\vpci.sys
12:42:15.0204 0x1d08  vpci - ok
12:42:15.0220 0x1d08  vpnva - ok
12:42:15.0251 0x1d08  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
12:42:15.0282 0x1d08  vsmraid - ok
12:42:15.0407 0x1d08  [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS             C:\windows\system32\vssvc.exe
12:42:15.0579 0x1d08  VSS - ok
12:42:15.0610 0x1d08  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\windows\system32\drivers\vstxraid.sys
12:42:15.0673 0x1d08  VSTXRAID - ok
12:42:15.0688 0x1d08  [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
12:42:15.0751 0x1d08  vwifibus - ok
12:42:15.0782 0x1d08  [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
12:42:15.0860 0x1d08  vwififlt - ok
12:42:15.0876 0x1d08  [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
12:42:15.0938 0x1d08  vwifimp - ok
12:42:16.0001 0x1d08  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\windows\system32\w32time.dll
12:42:16.0079 0x1d08  W32Time - ok
12:42:16.0110 0x1d08  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\windows\System32\drivers\wacompen.sys
12:42:16.0220 0x1d08  WacomPen - ok
12:42:16.0251 0x1d08  [ FCAFB80B6BB215E908EA1E9F598FEBCB, 9DCF4EE49AAD1E23F904FECDCEECDE3879D61B648DCF675CB5C3B52B779BC802 ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
12:42:16.0360 0x1d08  Wanarp - ok
12:42:31.0758 0x1d08  Waiting for KSN requests completion. In queue: 8
12:42:32.0805 0x1d08  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.209.0 ), 0x61100 ( enabled : updated )
12:42:32.0805 0x1d08  Win FW state via NFP2: enabled ( trusted )
12:42:32.0946 0x1d08  ============================================================
12:42:32.0946 0x1d08  Scan finished
12:42:32.0946 0x1d08  ============================================================
12:42:32.0961 0x22d4  Detected object count: 0
12:42:32.0961 0x22d4  Actual detected object count: 0
         

06.08.2018, 11:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars

Delete old versions of adwCleaner first, then download it again to the desktop!
Please disable your virus scanner completely now, before using these tools!

adwCleaner v7.x

Please download AdwCleaner to your desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Settings, scroll down and make sure the following items are selected:
    • Delete tracing keys
    • Delete prefetch files
    • Reset proxy
    • Reset IE policies
    • Reset Chrome policies
    • Reset Winsock
  • Now click Dashboard, then Scan Now, and wait until the scan has finished.
  • Now click Clean & Repair and confirm with Clean Now.
  • IMPORTANT:
    If AdwCleaner finds nothing, click Run Basic Repair and then Clean Now.
  • After the restart, AdwCleaner opens automatically. Click View Log File.
  • Post the contents of the log file in your next reply.
  • You can also find the log file at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (xx = consecutive number).
__________________
Please always post log files in CODE tags

06.08.2018, 12:23   #15
Rolls



And the log file from ADWCleaner:

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-06-2018
# Duration: 00:00:03
# OS:       Windows 8.1
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1238 octets] - [06/08/2018 13:16:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         
