
Log analysis and evaluation: Caught a virus


31.01.2019, 01:26   #1
i-ren

Caught a virus



Hello,

I'm pretty much a layperson and I'm sure I've caught something.

Symptoms:

The computer keeps getting slower
Chrome sometimes appears to be cut off from the Internet (even though I have a connection)
New today: on restart, 2-3 cmd windows open and close by themselves

Can someone help me analyze my FRST logs?

Thank you very much!



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Ai Ren (administrator) on DESKTOP-L4LOS3C (30-01-2019 18:09:05)
Running from C:\Users\Ai Ren\Downloads
Loaded Profiles: Ai Ren (Available Profiles: Ai Ren)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Español (México)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(BitTorrent Inc.) C:\Users\Ai Ren\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ai Ren\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2018-09-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-07] (AVAST Software)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-07] (AVAST Software)
HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\Run: [uTorrent] => C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2a98c20a-3c81-4049-89ba-f81513c743f4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1397950433-2231159717-305910240-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasafeweb&v=2_0&idate=2018-09-13&ent=ch_675&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10440__181129&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 4uxgcavz.default
FF ProfilePath: C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default [2019-01-04]
FF Homepage: Mozilla\Firefox\Profiles\4uxgcavz.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__181129
FF NewTab: Mozilla\Firefox\Profiles\4uxgcavz.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__181129
FF Extension: (Avast SafePrice) - C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\Extensions\sp@avast.com.xpi [2018-11-29]
FF Extension: (Avast Online Security) - C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\Extensions\wrc@avast.com.xpi [2018-11-29]
FF Extension: (Telemetry coverage) - C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\features\{27828ba4-03a2-4b03-a012-50b5f108d954}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-08] [Legacy]
FF SearchPlugin: C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\searchplugins\securesearch.xml [2018-11-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR Profile: C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default [2019-01-30]
CHR Extension: (Presentaciones) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-13]
CHR Extension: (Documentos) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-13]
CHR Extension: (Google Drive) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-19]
CHR Extension: (Panda Safe Web) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2018-09-19]
CHR Extension: (Panda Smart Shopping) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-09-19]
CHR Extension: (Hojas de cálculo) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-13]
CHR Extension: (Avast Online Security) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-29]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-13]
CHR Extension: (Gmail) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-08]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-07] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-07] (AVAST Software)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [246256 2016-11-22] (Visicom Media Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2018-09-13] (Realtek Semiconductor)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (The OpenVPN Project)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [97672 2017-05-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-07] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-07] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-15] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-07] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-07] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-07] (AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-07] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-07] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-07] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-19] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-07] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-07] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-07] (AVAST Software)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2018-09-13] (Realtek )
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [53864 2018-09-21] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46584 2018-09-13] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [340008 2018-09-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-13] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
U1 aswbdisk; no ImagePath
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-30 18:09 - 2019-01-30 18:10 - 000019131 _____ C:\Users\Ai Ren\Downloads\FRST.txt
2019-01-30 18:08 - 2019-01-30 18:09 - 000000000 ____D C:\FRST
2019-01-30 18:07 - 2019-01-30 18:08 - 002428928 _____ (Farbar) C:\Users\Ai Ren\Downloads\FRST64.exe
2019-01-30 18:05 - 2019-01-30 18:06 - 001725952 _____ (Farbar) C:\Users\Ai Ren\Downloads\FRST.exe
2019-01-30 17:50 - 2019-01-30 17:52 - 000000000 ____D C:\Users\Ai Ren\Desktop\HiJackThis
2019-01-30 17:40 - 2019-01-30 17:40 - 001546256 _____ (CHIP Digital GmbH) C:\Users\Ai Ren\Downloads\HijackThis - CHIP-Installer.exe
2019-01-30 16:44 - 2019-01-30 17:32 - 1466144964 _____ C:\Users\Ai Ren\Downloads\Suenos.de.Libertad.DVDrip.Xvid.Mp3.[AL].[www.SuBTorrents.com].avi
2019-01-30 16:44 - 2019-01-30 16:44 - 000014463 _____ C:\Users\Ai Ren\Downloads\suenos-de-libertad-1994-5-1-audio-latino-157275485b1f958e076475d454f4977a.torrent
2019-01-30 16:40 - 2019-01-30 17:41 - 000000000 ____D C:\Users\Ai Ren\Downloads\Forrest Gump (1994) [1080p]
2019-01-28 20:48 - 2019-01-28 20:48 - 000000000 ____D C:\Users\Ai Ren\Desktop\Aura
2019-01-28 18:00 - 2019-01-28 18:00 - 001585582 _____ C:\Users\Ai Ren\Downloads\Xilonen_26000_GringoChamp_druckreif.pdf
2019-01-28 18:00 - 2019-01-28 18:00 - 000359766 _____ C:\Users\Ai Ren\Downloads\5 Fragen an Aura Xilonen.pdf
2019-01-28 18:00 - 2019-01-28 18:00 - 000134953 _____ C:\Users\Ai Ren\Downloads\5 Fragen an die Übersetzerin Susanne Lange.pdf
2019-01-28 17:50 - 2019-01-28 17:53 - 139894908 _____ C:\Users\Ai Ren\Downloads\wetransfer-8469ea.zip
2019-01-23 19:26 - 2019-01-30 17:51 - 000000000 ____D C:\Users\Ai Ren\Desktop\Santa
2019-01-22 16:01 - 2019-01-22 16:03 - 057731028 _____ C:\Users\Ai Ren\Downloads\Sprachmemo 012.m4a
2019-01-22 15:58 - 2019-01-22 15:59 - 012048121 _____ C:\Users\Ai Ren\Downloads\Sprachmemo 013.m4a
2019-01-21 09:20 - 2019-01-30 17:36 - 000000000 ____D C:\Users\Ai Ren\AppData\LocalLow\uTorrent
2019-01-20 19:24 - 2018-09-19 22:12 - 001483576 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-01-19 20:42 - 2019-01-19 20:42 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\dvdcss
2019-01-17 15:34 - 2019-01-17 15:34 - 000071516 _____ C:\Users\Ai Ren\Downloads\190116 Rechnung Airen Mixology Filmriss (1).pdf
2019-01-17 14:59 - 2019-01-17 14:59 - 000114768 _____ C:\Users\Ai Ren\Downloads\La-historia-interminable-I-(ARCHIVO).torrent
2019-01-17 14:59 - 2019-01-17 14:59 - 000000000 ____D C:\Users\Ai Ren\Downloads\La Historia Interminable I
2019-01-17 14:57 - 2019-01-17 14:57 - 001142848 _____ C:\Users\Ai Ren\Downloads\La_historia_interminable_HDRip.torrent (1).zip
2019-01-17 14:46 - 2019-01-17 14:46 - 000020385 _____ C:\Users\Ai Ren\Downloads\1540908637-museo-camlatinowww.elitetorrent.biz_.torrent
2019-01-17 14:46 - 2019-01-17 14:46 - 000000000 ____D C:\Users\Ai Ren\Downloads\Museo [Cam][Latino][wWw.EliteTorrent.BiZ]
2019-01-16 17:56 - 2019-01-16 17:56 - 000077227 _____ C:\Users\Ai Ren\Downloads\190116 Rechnung Airen Mixology Filmriss.pdf
2019-01-16 13:41 - 2019-01-16 13:41 - 001149439 _____ C:\Users\Ai Ren\Downloads\La_historia_interminable_HDRip.torrent.zip
2019-01-16 13:40 - 2019-01-17 15:42 - 268417024 ____R C:\Users\Ai Ren\Downloads\La.Historia.Interminable.DVDR.[protos].ISO
2019-01-16 13:38 - 2019-01-16 13:38 - 000044166 _____ C:\Users\Ai Ren\Downloads\638b0f500763650ba2a010312c20ba9c-la-historia-interminable.torrent
2019-01-15 18:59 - 2019-01-15 18:59 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-13 17:03 - 2019-01-14 12:04 - 000000000 ____D C:\Users\Ai Ren\Desktop\Erziehung
2019-01-12 07:54 - 2019-01-01 07:46 - 012710912 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-12 07:54 - 2019-01-01 07:20 - 011902976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-12 07:54 - 2019-01-01 01:14 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-01-12 07:54 - 2019-01-01 01:14 - 001029944 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-01-12 07:54 - 2019-01-01 01:14 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-01-12 07:54 - 2019-01-01 01:13 - 003292152 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-01-12 07:54 - 2019-01-01 01:13 - 001363536 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-01-12 07:54 - 2019-01-01 01:13 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-01-12 07:54 - 2019-01-01 01:13 - 000170808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-12 07:54 - 2019-01-01 01:12 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-12 07:54 - 2019-01-01 01:12 - 007520104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-01-12 07:54 - 2019-01-01 01:12 - 002765344 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-12 07:54 - 2019-01-01 01:12 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-01-12 07:54 - 2019-01-01 01:12 - 002421288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-12 07:54 - 2019-01-01 01:12 - 000713272 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-01-12 07:54 - 2019-01-01 00:55 - 025856512 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-01-12 07:54 - 2019-01-01 00:50 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-12 07:54 - 2019-01-01 00:50 - 004383744 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-01-12 07:54 - 2019-01-01 00:47 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-01-12 07:54 - 2019-01-01 00:46 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-01-12 07:54 - 2019-01-01 00:45 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-01-12 07:54 - 2019-01-01 00:45 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-01-12 07:54 - 2019-01-01 00:44 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-01-12 07:54 - 2019-01-01 00:44 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-12 07:54 - 2019-01-01 00:44 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-01-12 07:54 - 2019-01-01 00:43 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-12 07:54 - 2019-01-01 00:42 - 004939776 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-12 07:54 - 2019-01-01 00:42 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-01-12 07:54 - 2019-01-01 00:41 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-12 07:54 - 2019-01-01 00:41 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-01-12 07:54 - 2019-01-01 00:37 - 006571584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-12 07:54 - 2019-01-01 00:37 - 002478664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-01-12 07:54 - 2019-01-01 00:37 - 002253696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-12 07:54 - 2019-01-01 00:37 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-01-12 07:54 - 2019-01-01 00:29 - 022016512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-01-12 07:54 - 2019-01-01 00:22 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-12 07:54 - 2019-01-01 00:16 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-01-12 07:54 - 2019-01-01 00:15 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-01-12 07:54 - 2019-01-01 00:15 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-01-12 07:54 - 2019-01-01 00:15 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-01-12 07:54 - 2019-01-01 00:14 - 004514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-12 07:54 - 2019-01-01 00:14 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-01-12 07:54 - 2019-01-01 00:13 - 001628160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-12 07:54 - 2019-01-01 00:13 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-01-12 07:53 - 2019-01-01 07:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-01-12 07:53 - 2019-01-01 07:47 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2019-01-12 07:53 - 2019-01-01 07:45 - 000714752 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2019-01-12 07:53 - 2019-01-01 07:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2019-01-12 07:53 - 2019-01-01 07:43 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-01-12 07:53 - 2019-01-01 07:20 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll
2019-01-12 07:53 - 2019-01-01 07:18 - 000500736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2019-01-12 07:53 - 2019-01-01 07:17 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2019-01-12 07:53 - 2019-01-01 01:14 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-01-12 07:53 - 2019-01-01 01:14 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-01-12 07:53 - 2019-01-01 01:14 - 000076088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-01-12 07:53 - 2019-01-01 01:13 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-12 07:53 - 2019-01-01 01:12 - 000268304 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-01-12 07:53 - 2019-01-01 01:12 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-12 07:53 - 2019-01-01 01:12 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-01-12 07:53 - 2019-01-01 00:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-01-12 07:53 - 2019-01-01 00:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-12 07:53 - 2019-01-01 00:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2019-01-12 07:53 - 2019-01-01 00:47 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-01-12 07:53 - 2019-01-01 00:46 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-01-12 07:53 - 2019-01-01 00:46 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-01-12 07:53 - 2019-01-01 00:45 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-01-12 07:53 - 2019-01-01 00:44 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2019-01-12 07:53 - 2019-01-01 00:44 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-12 07:53 - 2019-01-01 00:42 - 002247680 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2019-01-12 07:53 - 2019-01-01 00:42 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2019-01-12 07:53 - 2019-01-01 00:41 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-12 07:53 - 2019-01-01 00:41 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-12 07:53 - 2019-01-01 00:37 - 000880048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-01-12 07:53 - 2019-01-01 00:37 - 000581808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-01-12 07:53 - 2019-01-01 00:37 - 000381240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-12 07:53 - 2019-01-01 00:17 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-12 07:53 - 2019-01-01 00:16 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-01-12 07:53 - 2019-01-01 00:16 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-01-12 07:53 - 2019-01-01 00:15 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-01-12 07:53 - 2019-01-01 00:14 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-12 07:53 - 2019-01-01 00:13 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 000516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2019-01-12 07:53 - 2018-12-31 23:23 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-01-12 07:53 - 2018-12-18 22:49 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-08 13:59 - 2019-01-08 13:59 - 000001100 _____ C:\Users\Public\Desktop\SoulseekQt.lnk
2019-01-08 13:59 - 2019-01-08 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2019-01-07 13:34 - 2019-01-07 13:32 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-07 13:34 - 2019-01-07 13:32 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-07 13:34 - 2019-01-07 13:32 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-07 13:34 - 2019-01-07 13:32 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-07 13:33 - 2019-01-07 13:32 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-07 13:20 - 2019-01-07 13:20 - 000000000 ____D C:\Users\Ai Ren\Documents\VideoPad Projects
2019-01-07 13:15 - 2019-01-07 14:06 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2019-01-07 13:15 - 2019-01-07 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-01-07 13:14 - 2019-01-07 13:14 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\NCH Software
2019-01-07 13:14 - 2019-01-07 13:14 - 000000000 ____D C:\ProgramData\NCH Software
2019-01-07 13:13 - 2019-01-07 13:13 - 002705936 _____ (NCH Software) C:\Users\Ai Ren\Downloads\VideoPadVideoEditor.exe
2019-01-07 12:41 - 2019-01-07 12:41 - 007050026 _____ (Soulseek LLC ) C:\Users\Ai Ren\Downloads\SoulseekQt-2017-2-20 (1).exe
2019-01-04 08:58 - 2019-01-04 08:59 - 000000000 ____D C:\Users\Ai Ren\TuneFab Spotify Music Converter
2019-01-04 08:54 - 2019-01-04 08:54 - 020261520 _____ (TuneFab, Inc. ) C:\Users\Ai Ren\Downloads\spotify-music-converter.exe
2019-01-02 13:01 - 2019-01-30 17:51 - 000000000 ____D C:\Users\Ai Ren\AppData\Local\CrashDumps
2019-01-02 12:18 - 2019-01-03 13:27 - 2348745074 _____ C:\Users\Ai Ren\Downloads\Yoga Unveiled DivX.divx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-30 18:10 - 2018-11-29 12:11 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\uTorrent
2019-01-30 18:10 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-30 18:04 - 2018-09-12 17:44 - 000000000 ____D C:\ProgramData\Packages
2019-01-30 18:04 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-30 18:04 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\AppReadiness
2019-01-30 17:37 - 2018-09-12 17:48 - 000853626 _____ C:\Windows\SysWOW64\rootpa.e2e
2019-01-30 17:34 - 2018-09-12 17:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-30 17:33 - 2018-09-12 17:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-01-30 17:33 - 2018-04-11 15:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-01-30 17:32 - 2018-12-22 18:46 - 000002856 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1397950433-2231159717-305910240-1001
2019-01-30 17:32 - 2018-11-29 12:19 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-30 17:32 - 2018-09-13 12:30 - 000003482 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-30 17:32 - 2018-09-13 12:09 - 000003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-30 17:32 - 2018-09-13 12:09 - 000003260 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-30 17:32 - 2018-09-12 17:25 - 000002146 _____ C:\Windows\System32\Tasks\StartCN
2019-01-30 17:32 - 2018-09-12 17:25 - 000000000 ____D C:\Users\Ai Ren
2019-01-30 16:31 - 2018-09-12 17:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-30 15:18 - 2018-11-29 12:18 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-30 00:10 - 2018-09-12 19:34 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\vlc
2019-01-29 23:56 - 2018-09-13 12:40 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
2019-01-29 18:48 - 2018-09-12 17:30 - 000000000 ___RD C:\Users\Ai Ren\OneDrive
2019-01-29 18:48 - 2018-09-12 17:25 - 000002366 _____ C:\Users\Ai Ren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-29 12:52 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-01-26 19:16 - 2018-10-21 08:42 - 000000000 ____D C:\Users\Ai Ren\Desktop\Movie
2019-01-25 12:43 - 2018-09-18 19:14 - 000000000 ____D C:\Users\Ai Ren\Desktop\Misc
2019-01-25 09:55 - 2018-09-12 17:17 - 001673686 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-25 09:55 - 2018-04-12 10:18 - 000736008 _____ C:\Windows\system32\perfh00A.dat
2019-01-25 09:55 - 2018-04-12 10:18 - 000144308 _____ C:\Windows\system32\perfc00A.dat
2019-01-25 09:55 - 2018-04-11 17:36 - 000000000 ____D C:\Windows\INF
2019-01-23 13:06 - 2018-11-16 14:41 - 000000000 ____D C:\Program Files\rempl
2019-01-21 11:08 - 2018-09-13 18:13 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Schreiben
2019-01-20 19:37 - 2018-09-13 18:13 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Ebooks
2019-01-20 19:28 - 2018-04-11 17:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-19 13:02 - 2018-09-24 19:22 - 000000000 ____D C:\Users\Ai Ren\Desktop\Spiegel
2019-01-19 09:41 - 2018-11-29 12:17 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 23:45 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\TextInput
2019-01-16 23:44 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\bcastdvr
2019-01-15 10:19 - 2018-09-13 12:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-14 11:00 - 2018-09-12 17:26 - 000000000 ____D C:\Users\Ai Ren\AppData\Local\Packages
2019-01-13 18:55 - 2018-09-13 18:13 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Gabriel
2019-01-13 18:54 - 2018-09-14 08:05 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Yoga
2019-01-13 18:52 - 2018-09-13 18:15 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Spirit
2019-01-13 14:38 - 2018-09-25 19:14 - 000000000 ____D C:\Users\Ai Ren\Desktop\Nueva carpeta
2019-01-12 07:47 - 2018-09-12 19:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-11 23:44 - 2018-09-13 12:38 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-01-11 23:44 - 2018-09-12 17:03 - 000416496 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-08 15:10 - 2018-09-12 18:03 - 000000000 ____D C:\Windows\system32\MRT
2019-01-08 15:05 - 2018-09-12 18:03 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 15:01 - 2018-04-11 17:38 - 000000167 _____ C:\Windows\win.ini
2019-01-08 13:59 - 2018-11-05 17:42 - 000000000 ____D C:\Program Files (x86)\SoulseekQt
2019-01-07 13:33 - 2018-11-29 12:17 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2019-01-07 13:33 - 2018-04-11 17:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-01-07 13:32 - 2018-11-29 12:17 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-07 13:32 - 2018-11-29 12:17 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-04 10:56 - 2018-09-13 12:17 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-04 10:43 - 2018-09-13 12:37 - 000000000 ____D C:\ProgramData\Panda Security
2019-01-04 10:40 - 2018-09-13 12:39 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\Panda Security
2019-01-03 13:30 - 2018-09-13 18:17 - 000000000 ____D C:\Users\Ai Ren\Desktop\Unter Elfen
2019-01-02 13:41 - 2018-04-11 17:41 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-02 13:41 - 2018-04-11 17:41 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-09-25 19:24 - 2018-09-25 19:30 - 000002437 _____ () C:\Users\Ai Ren\AppData\Roaming\vidiot.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-12 17:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Ai Ren (30-01-2019 18:12:41)
Running from C:\Users\Ai Ren\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-09-12 23:15:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1397950433-2231159717-305910240-500 - Administrator - Disabled)
Ai Ren (S-1-5-21-1397950433-2231159717-305910240-1001 - Administrator - Enabled) => C:\Users\Ai Ren
DefaultAccount (S-1-5-21-1397950433-2231159717-305910240-503 - Limited - Disabled)
Invitado (S-1-5-21-1397950433-2231159717-305910240-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1397950433-2231159717-305910240-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{71640766-157F-4DE8-B45F-69B76B0F5FCE}) (Version: 3.31.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{31CBAB2C-ED4B-403C-8933-192833FEB2C6}) (Version: 12.10.49.21 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0 (x64 es-ES)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.6 - Panda Security)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SoulseekQt Version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.00 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A6BB48-5FD0-4BBA-B7FA-ED1651E0974C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {0D235CCC-FDF6-423F-8B6D-8A31EEA94BBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {0D8D4254-00F1-4320-9A64-A301DA0E074F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
Task: {23CA6A52-D869-4647-886E-A28C5322E767} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {317865A6-FDB6-4371-BE01-5D4B0F46763C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4E6F49F0-46BA-42A0-AA1C-997B1BC1B262} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-11-21] (HP Inc.)
Task: {5EADC56E-5790-4DB7-8979-093D4D1307E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {64F60534-A4A8-41B3-8EC6-641CDAD4DC9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {70F39B26-D31C-46D9-AD3C-95F53F3DDDE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {7976FA17-682E-4506-8111-1BE403154BDE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8092DD21-85E6-40A2-97A3-4D111CC4DEBC} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {8AC5DAB6-8A79-40FC-9D67-1D0EF3297800} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-07] (AVAST Software)
Task: {9C9F6791-7AD4-47DF-B4A1-C8DA5666E713} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {9E434953-9B5F-44D2-9E82-E971E7F1B1D3} - no filepath
Task: {BEEE6F26-28AA-4554-8106-A66CD52856D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software)
Task: {C87AA8D4-E313-46B8-8E9D-5AC33A3FF841} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
Task: {DA1F92F7-96B2-45B1-BA04-F06BD5D881EA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E17244E0-B741-430A-B4AD-F2AD6221478E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {FBD4B5DB-E402-42E9-9615-005984AE5E06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-16 14:19 - 2018-03-16 14:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 11:37 - 2018-11-08 20:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-12 07:54 - 2019-01-01 00:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-07 13:33 - 2019-01-07 13:33 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-07 13:32 - 2019-01-07 13:32 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-12-13 12:34 - 2018-12-11 23:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-13 12:34 - 2018-12-11 23:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-10-03 20:42 - 2018-10-03 20:43 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 17:56 - 2019-01-30 17:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 17:38 - 2019-01-10 22:16 - 000000845 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1397950433-2231159717-305910240-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ai Ren\Desktop\Misc\Wallpapers\209102.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D64CED02-A484-4D82-B3C9-F661D7BA01CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{586AE64D-49CF-4C54-8421-F6BC2E0A61EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{88AC7048-C079-4A63-9E2F-F46896921AF5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{0F53EBE2-A358-47E1-8DE9-9718DB239F3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{38EF11F2-3CD7-4A89-921C-022A662BCD68}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{388280CE-3E3C-493E-B8DB-A3D58E9D5D55}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C10AA53A-C9BA-4F0A-8C4C-F2738DC2A7E0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{B5BBC23E-9BFD-404C-8615-3DF888428D92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{2A1AA347-6C3D-410F-B3E5-3EEBF17B7890}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{7EBCF8AB-752D-49D4-8F4E-86F073FB10BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{082DEECF-A6C1-41C6-AB1C-CB3EA82F115F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{0CF78A6C-D792-4FC5-AF7E-DD8EC7824532}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{BEACC639-ECC0-438A-8816-CB88A24FF6AE}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{00ECCF8C-7B26-4B7B-A231-82ECADDDA5A8}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [{A6C0675E-2394-48E1-BDC3-7E4ABEA4C2D2}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [TCP Query User{D6287A11-39D1-488E-9701-D5E40A73E8B0}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe ()
FirewallRules: [UDP Query User{CA6FF611-EC16-4521-A288-3F43A4F13805}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe ()
FirewallRules: [{8E4C19C9-2A7A-4E1E-9470-8A6FD3FEEE03}] => (Allow) C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{2D3A7E33-AE51-49EC-9AB3-9FF747757AA2}] => (Allow) C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{9BC3B355-6997-4778-A7BC-8BA22437D461}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [UDP Query User{9684E459-2AA4-4B6B-8660-B3BCFADC0DFA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [{F39FAEF1-D936-4A58-9898-94D946B4EE4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{34F5581D-E09C-4DF0-B03F-5E355916BD4E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{6D686BCA-8C83-4EC0-9FF4-0AA0B5B9A4B4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

12-01-2019 07:40:27 Windows Update
15-01-2019 19:04:04 Windows Update
20-01-2019 19:24:54 Windows Update
20-01-2019 19:26:35 Windows Update
28-01-2019 21:19:59 Punto de control programado

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2019 05:50:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: HiJackThis_v2.8.0.4.exe, versión: 2.8.0.4, marca de tiempo: 0x5a78ace1
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.471, marca de tiempo: 0xfe852bc4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00043f31
Identificador del proceso con errores: 0x28a0
Hora de inicio de la aplicación con errores: 0x01d4b8f662f4e84f
Ruta de acceso de la aplicación con errores: C:\Users\Ai Ren\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\7b4e384f5b096b9656fee276ba88bb81\HiJackThis_v2.8.0.4.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: 422584f4-e142-473d-b2b1-3c9fdfdfe121
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (01/30/2019 05:32:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa MicrosoftEdgeCP.exe, versión 11.0.17134.523, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 2d8

Hora de inicio: 01d4b8f3ec1186eb

Hora de finalización: 0

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Identificador de informe: 0e155bd6-df11-42d2-863f-d319f8f510be

Nombre completo de paquete con errores: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

Identificador de aplicación relativa del paquete con errores: ContentProcess

Error: (01/30/2019 04:31:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1161422

Error: (01/30/2019 04:31:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1161422

Error: (01/30/2019 04:31:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2019 04:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1734

Error: (01/30/2019 04:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1734

Error: (01/30/2019 04:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/30/2019 05:54:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L4LOS3C)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario DESKTOP-L4LOS3C\Ai Ren con SID (S-1-5-21-1397950433-2231159717-305910240-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/30/2019 05:44:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Agente de supervisión en tiempo de ejecución de Protección del sistema no respondió después de iniciar.

Error: (01/30/2019 05:42:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Administrador de mapas descargado no respondió después de iniciar.

Error: (01/30/2019 05:41:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/30/2019 05:40:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio HP Support Solutions Framework Service no respondió después de iniciar.

Error: (01/30/2019 05:38:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Optimización de entrega no respondió después de iniciar.

Error: (01/30/2019 05:35:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L4LOS3C)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario DESKTOP-L4LOS3C\Ai Ren con SID (S-1-5-21-1397950433-2231159717-305910240-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/30/2019 05:32:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de usuario de notificaciones de inserción de Windows_4a57f terminó inesperadamente. Esto se ha repetido 3 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.


Windows Defender:
===================================
Date: 2019-01-11 23:48:11.980
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.980
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.979
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.962
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.961
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

CodeIntegrity:
===================================

Date: 2019-01-30 18:04:45.122
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:45.111
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:30.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:30.810
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:28.979
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:28.976
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:01:51.155
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:01:51.151
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 67%
Total physical RAM: 3551.03 MB
Available physical RAM: 1163.63 MB
Total Virtual: 7263.03 MB
Available Virtual: 4619.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:349.89 GB) NTFS

\\?\Volume{003d6b10-ffa6-4795-b309-27528671b725}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{a2302373-f448-4c21-97ab-56c108794233}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 045B4842)

Partition: GPT.

==================== End of Addition.txt ============================

Alt 31.01.2019, 01:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
You have the junk-CPU "virus"

Nothing against AMD, but this CPU is simply total garbage, see https://www.cpubenchmark.net/cpu.php...MD+A6-7310+APU

Average CPU Mark 2663
Single Thread Rating 901


Nothing can ever have run really fast on this hardware, especially not Windows.

Try this first:

1. Completely uninstall the junk virus scanner avast and use only Windows Defender from now on; it should be activated automatically once avast has been uninstalled

2. Replace Google Chrome with Mozilla Firefox