| Log analysis and evaluation: Caught a virus. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. | 
|  31.01.2019, 01:26 | #1 | 
Caught a virus

Hello, I'm pretty much a layman and sure that I have caught something. Symptoms: The computer keeps getting slower. Chrome sometimes appears cut off from the Internet (although I have a connection). New today: on restart, 2-3 cmd windows open and close by themselves. Can someone help me analyze my FRST logs? Thank you very much!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019 Ran by Ai Ren (administrator) on DESKTOP-L4LOS3C (30-01-2019 18:09:05) Running from C:\Users\Ai Ren\Downloads Loaded Profiles: Ai Ren (Available Profiles: Ai Ren) Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Español (México) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Visicom Media Inc.) 
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (BitTorrent Inc.) C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (BitTorrent Inc.) C:\Users\Ai Ren\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe (BitTorrent Inc.) C:\Users\Ai Ren\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2018-09-13] (Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-07] (AVAST Software) HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-07] (AVAST Software) HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\Run: [uTorrent] => C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-21] (BitTorrent Inc.) HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13] (Google Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{2a98c20a-3c81-4049-89ba-f81513c743f4}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKU\S-1-5-21-1397950433-2231159717-305910240-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasafeweb&v=2_0&idate=2018-09-13&ent=ch_675&q={searchTerms} SearchScopes: HKU\S-1-5-21-1397950433-2231159717-305910240-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10440__181129&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-06-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - 
C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 4uxgcavz.default FF ProfilePath: C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default [2019-01-04] FF Homepage: Mozilla\Firefox\Profiles\4uxgcavz.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__181129 FF NewTab: Mozilla\Firefox\Profiles\4uxgcavz.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__181129 FF Extension: (Avast SafePrice) - C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\Extensions\sp@avast.com.xpi [2018-11-29] FF Extension: (Avast Online Security) - C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\Extensions\wrc@avast.com.xpi [2018-11-29] FF Extension: (Telemetry coverage) - C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\features\{27828ba4-03a2-4b03-a012-50b5f108d954}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-08] [Legacy] FF SearchPlugin: C:\Users\Ai Ren\AppData\Roaming\Mozilla\Firefox\Profiles\4uxgcavz.default\searchplugins\securesearch.xml [2018-11-29] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.) Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms} CHR DefaultSearchKeyword: Default -> safeWeb CHR Profile: C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default [2019-01-30] CHR Extension: (Presentaciones) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-13] CHR Extension: (Documentos) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-13] CHR Extension: (Google Drive) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18] CHR Extension: (YouTube) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-13] CHR Extension: (Adobe Acrobat) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-19] CHR Extension: (Panda Safe Web) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2018-09-19] CHR Extension: (Panda Smart Shopping) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-09-19] CHR Extension: (Hojas de cálculo) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-13] CHR Extension: (Documentos de Google sin conexión) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-13] CHR Extension: (Avast Online Security) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-29] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-13] CHR Extension: (Gmail) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-13] CHR Extension: (Chrome Media Router) - C:\Users\Ai Ren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-08] CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-07] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-07] (AVAST Software) S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-07] (AVAST Software) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.) R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [246256 2016-11-22] (Visicom Media Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2018-09-13] (Realtek Semiconductor) S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] () R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated) R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-13] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (The OpenVPN Project) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. 
) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [97672 2017-05-16] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. ) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-07] (AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-07] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-15] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-07] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-07] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-07] (AVAST Software) R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-07] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-07] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-07] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-07] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-19] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-07] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-07] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-07] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-07] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-07] (AVAST Software) R0 aswVmm; 
C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-07] (AVAST Software) R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2018-09-13] (Realtek ) R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [53864 2018-09-21] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46584 2018-09-13] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [340008 2018-09-13] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-13] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP) U1 aswbdisk; no ImagePath S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-01-30 18:09 - 2019-01-30 18:10 - 000019131 _____ C:\Users\Ai Ren\Downloads\FRST.txt 2019-01-30 18:08 - 2019-01-30 18:09 - 000000000 ____D C:\FRST 2019-01-30 18:07 - 2019-01-30 18:08 - 002428928 _____ (Farbar) C:\Users\Ai Ren\Downloads\FRST64.exe 2019-01-30 18:05 - 2019-01-30 18:06 - 001725952 _____ (Farbar) C:\Users\Ai Ren\Downloads\FRST.exe 2019-01-30 17:50 - 2019-01-30 17:52 - 000000000 ____D C:\Users\Ai Ren\Desktop\HiJackThis 2019-01-30 17:40 - 2019-01-30 17:40 - 001546256 _____ (CHIP Digital GmbH) C:\Users\Ai Ren\Downloads\HijackThis - CHIP-Installer.exe 2019-01-30 16:44 - 2019-01-30 17:32 - 1466144964 _____ C:\Users\Ai Ren\Downloads\Suenos.de.Libertad.DVDrip.Xvid.Mp3.[AL].[www.SuBTorrents.com].avi 2019-01-30 16:44 - 2019-01-30 16:44 - 000014463 _____ C:\Users\Ai Ren\Downloads\suenos-de-libertad-1994-5-1-audio-latino-157275485b1f958e076475d454f4977a.torrent 2019-01-30 16:40 - 2019-01-30 17:41 - 000000000 ____D C:\Users\Ai Ren\Downloads\Forrest Gump (1994) [1080p] 2019-01-28 20:48 - 2019-01-28 20:48 - 000000000 ____D C:\Users\Ai Ren\Desktop\Aura 2019-01-28 18:00 - 2019-01-28 18:00 - 001585582 _____ C:\Users\Ai Ren\Downloads\Xilonen_26000_GringoChamp_druckreif.pdf 2019-01-28 18:00 - 2019-01-28 18:00 - 000359766 _____ C:\Users\Ai Ren\Downloads\5 Fragen an Aura Xilonen.pdf 2019-01-28 18:00 - 2019-01-28 18:00 - 000134953 _____ C:\Users\Ai Ren\Downloads\5 Fragen an die Übersetzerin Susanne Lange.pdf 2019-01-28 17:50 - 2019-01-28 17:53 - 139894908 _____ C:\Users\Ai Ren\Downloads\wetransfer-8469ea.zip 2019-01-23 19:26 - 2019-01-30 17:51 - 000000000 ____D C:\Users\Ai Ren\Desktop\Santa 2019-01-22 16:01 - 2019-01-22 16:03 - 057731028 _____ C:\Users\Ai Ren\Downloads\Sprachmemo 012.m4a 2019-01-22 15:58 - 2019-01-22 15:59 - 012048121 _____ C:\Users\Ai Ren\Downloads\Sprachmemo 013.m4a 2019-01-21 09:20 - 2019-01-30 17:36 - 000000000 ____D C:\Users\Ai Ren\AppData\LocalLow\uTorrent 2019-01-20 19:24 - 2018-09-19 22:12 - 001483576 _____ (Microsoft Corporation) 
C:\Windows\system32\mcupdate_GenuineIntel.dll 2019-01-19 20:42 - 2019-01-19 20:42 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\dvdcss 2019-01-17 15:34 - 2019-01-17 15:34 - 000071516 _____ C:\Users\Ai Ren\Downloads\190116 Rechnung Airen Mixology Filmriss (1).pdf 2019-01-17 14:59 - 2019-01-17 14:59 - 000114768 _____ C:\Users\Ai Ren\Downloads\La-historia-interminable-I-(ARCHIVO).torrent 2019-01-17 14:59 - 2019-01-17 14:59 - 000000000 ____D C:\Users\Ai Ren\Downloads\La Historia Interminable I 2019-01-17 14:57 - 2019-01-17 14:57 - 001142848 _____ C:\Users\Ai Ren\Downloads\La_historia_interminable_HDRip.torrent (1).zip 2019-01-17 14:46 - 2019-01-17 14:46 - 000020385 _____ C:\Users\Ai Ren\Downloads\1540908637-museo-camlatinowww.elitetorrent.biz_.torrent 2019-01-17 14:46 - 2019-01-17 14:46 - 000000000 ____D C:\Users\Ai Ren\Downloads\Museo [Cam][Latino][wWw.EliteTorrent.BiZ] 2019-01-16 17:56 - 2019-01-16 17:56 - 000077227 _____ C:\Users\Ai Ren\Downloads\190116 Rechnung Airen Mixology Filmriss.pdf 2019-01-16 13:41 - 2019-01-16 13:41 - 001149439 _____ C:\Users\Ai Ren\Downloads\La_historia_interminable_HDRip.torrent.zip 2019-01-16 13:40 - 2019-01-17 15:42 - 268417024 ____R C:\Users\Ai Ren\Downloads\La.Historia.Interminable.DVDR.[protos].ISO 2019-01-16 13:38 - 2019-01-16 13:38 - 000044166 _____ C:\Users\Ai Ren\Downloads\638b0f500763650ba2a010312c20ba9c-la-historia-interminable.torrent 2019-01-15 18:59 - 2019-01-15 18:59 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys 2019-01-13 17:03 - 2019-01-14 12:04 - 000000000 ____D C:\Users\Ai Ren\Desktop\Erziehung 2019-01-12 07:54 - 2019-01-01 07:46 - 012710912 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2019-01-12 07:54 - 2019-01-01 07:20 - 011902976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2019-01-12 07:54 - 2019-01-01 01:14 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2019-01-12 07:54 - 2019-01-01 01:14 - 001029944 _____ (Microsoft 
Corporation) C:\Windows\system32\hvax64.exe 2019-01-12 07:54 - 2019-01-01 01:14 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll 2019-01-12 07:54 - 2019-01-01 01:13 - 003292152 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2019-01-12 07:54 - 2019-01-01 01:13 - 001363536 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll 2019-01-12 07:54 - 2019-01-01 01:13 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2019-01-12 07:54 - 2019-01-01 01:13 - 000170808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2019-01-12 07:54 - 2019-01-01 01:12 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2019-01-12 07:54 - 2019-01-01 01:12 - 007520104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2019-01-12 07:54 - 2019-01-01 01:12 - 002765344 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2019-01-12 07:54 - 2019-01-01 01:12 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2019-01-12 07:54 - 2019-01-01 01:12 - 002421288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2019-01-12 07:54 - 2019-01-01 01:12 - 000713272 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll 2019-01-12 07:54 - 2019-01-01 00:55 - 025856512 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2019-01-12 07:54 - 2019-01-01 00:50 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2019-01-12 07:54 - 2019-01-01 00:50 - 004383744 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll 2019-01-12 07:54 - 2019-01-01 00:47 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll 2019-01-12 07:54 - 2019-01-01 00:46 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2019-01-12 07:54 - 2019-01-01 00:45 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2019-01-12 07:54 - 
2019-01-01 00:45 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll 2019-01-12 07:54 - 2019-01-01 00:44 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll 2019-01-12 07:54 - 2019-01-01 00:44 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2019-01-12 07:54 - 2019-01-01 00:44 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll 2019-01-12 07:54 - 2019-01-01 00:43 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2019-01-12 07:54 - 2019-01-01 00:42 - 004939776 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2019-01-12 07:54 - 2019-01-01 00:42 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll 2019-01-12 07:54 - 2019-01-01 00:41 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2019-01-12 07:54 - 2019-01-01 00:41 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll 2019-01-12 07:54 - 2019-01-01 00:37 - 006571584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-01-12 07:54 - 2019-01-01 00:37 - 002478664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2019-01-12 07:54 - 2019-01-01 00:37 - 002253696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2019-01-12 07:54 - 2019-01-01 00:37 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2019-01-12 07:54 - 2019-01-01 00:29 - 022016512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2019-01-12 07:54 - 2019-01-01 00:22 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2019-01-12 07:54 - 2019-01-01 00:16 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2019-01-12 07:54 - 2019-01-01 00:15 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2019-01-12 07:54 - 2019-01-01 00:15 - 000608768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\EdgeManager.dll 2019-01-12 07:54 - 2019-01-01 00:15 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll 2019-01-12 07:54 - 2019-01-01 00:14 - 004514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2019-01-12 07:54 - 2019-01-01 00:14 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll 2019-01-12 07:54 - 2019-01-01 00:13 - 001628160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2019-01-12 07:54 - 2019-01-01 00:13 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll 2019-01-12 07:53 - 2019-01-01 07:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll 2019-01-12 07:53 - 2019-01-01 07:47 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll 2019-01-12 07:53 - 2019-01-01 07:45 - 000714752 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll 2019-01-12 07:53 - 2019-01-01 07:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll 2019-01-12 07:53 - 2019-01-01 07:43 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll 2019-01-12 07:53 - 2019-01-01 07:20 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll 2019-01-12 07:53 - 2019-01-01 07:18 - 000500736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll 2019-01-12 07:53 - 2019-01-01 07:17 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll 2019-01-12 07:53 - 2019-01-01 01:14 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi 2019-01-12 07:53 - 2019-01-01 01:14 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe 2019-01-12 07:53 - 2019-01-01 01:14 - 000076088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys 2019-01-12 07:53 - 2019-01-01 01:13 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2019-01-12 07:53 - 
2019-01-01 01:12 - 000268304 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-01-12 07:53 - 2019-01-01 01:12 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-12 07:53 - 2019-01-01 01:12 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-01-12 07:53 - 2019-01-01 00:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-01-12 07:53 - 2019-01-01 00:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-12 07:53 - 2019-01-01 00:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2019-01-12 07:53 - 2019-01-01 00:47 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-01-12 07:53 - 2019-01-01 00:46 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-01-12 07:53 - 2019-01-01 00:46 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-01-12 07:53 - 2019-01-01 00:45 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-01-12 07:53 - 2019-01-01 00:44 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2019-01-12 07:53 - 2019-01-01 00:44 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-12 07:53 - 2019-01-01 00:42 - 002247680 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2019-01-12 07:53 - 2019-01-01 00:42 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2019-01-12 07:53 - 2019-01-01 00:41 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-12 07:53 - 2019-01-01 00:41 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-12 07:53 - 2019-01-01 00:37 - 000880048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-01-12 07:53 - 2019-01-01 00:37 - 000581808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-01-12 07:53 - 2019-01-01 00:37 - 000381240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-12 07:53 - 2019-01-01 00:17 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-12 07:53 - 2019-01-01 00:16 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-01-12 07:53 - 2019-01-01 00:16 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-01-12 07:53 - 2019-01-01 00:15 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-01-12 07:53 - 2019-01-01 00:14 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-12 07:53 - 2019-01-01 00:13 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-12 07:53 - 2019-01-01 00:12 - 000516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2019-01-12 07:53 - 2018-12-31 23:23 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-01-12 07:53 - 2018-12-18 22:49 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-08 13:59 - 2019-01-08 13:59 - 000001100 _____ C:\Users\Public\Desktop\SoulseekQt.lnk
2019-01-08 13:59 - 2019-01-08 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2019-01-07 13:34 - 2019-01-07 13:32 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-07 13:34 - 2019-01-07 13:32 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-07 13:34 - 2019-01-07 13:32 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-07 13:34 - 2019-01-07 13:32 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-07 13:33 - 2019-01-07 13:32 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-07 13:20 - 2019-01-07 13:20 - 000000000 ____D C:\Users\Ai Ren\Documents\VideoPad Projects
2019-01-07 13:15 - 2019-01-07 14:06 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2019-01-07 13:15 - 2019-01-07 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-01-07 13:14 - 2019-01-07 13:14 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\NCH Software
2019-01-07 13:14 - 2019-01-07 13:14 - 000000000 ____D C:\ProgramData\NCH Software
2019-01-07 13:13 - 2019-01-07 13:13 - 002705936 _____ (NCH Software) C:\Users\Ai Ren\Downloads\VideoPadVideoEditor.exe
2019-01-07 12:41 - 2019-01-07 12:41 - 007050026 _____ (Soulseek LLC ) C:\Users\Ai Ren\Downloads\SoulseekQt-2017-2-20 (1).exe
2019-01-04 08:58 - 2019-01-04 08:59 - 000000000 ____D C:\Users\Ai Ren\TuneFab Spotify Music Converter
2019-01-04 08:54 - 2019-01-04 08:54 - 020261520 _____ (TuneFab, Inc. ) C:\Users\Ai Ren\Downloads\spotify-music-converter.exe
2019-01-02 13:01 - 2019-01-30 17:51 - 000000000 ____D C:\Users\Ai Ren\AppData\Local\CrashDumps
2019-01-02 12:18 - 2019-01-03 13:27 - 2348745074 _____ C:\Users\Ai Ren\Downloads\Yoga Unveiled DivX.divx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-30 18:10 - 2018-11-29 12:11 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\uTorrent
2019-01-30 18:10 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-30 18:04 - 2018-09-12 17:44 - 000000000 ____D C:\ProgramData\Packages
2019-01-30 18:04 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-30 18:04 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\AppReadiness
2019-01-30 17:37 - 2018-09-12 17:48 - 000853626 _____ C:\Windows\SysWOW64\rootpa.e2e
2019-01-30 17:34 - 2018-09-12 17:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-30 17:33 - 2018-09-12 17:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-01-30 17:33 - 2018-04-11 15:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-01-30 17:32 - 2018-12-22 18:46 - 000002856 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1397950433-2231159717-305910240-1001
2019-01-30 17:32 - 2018-11-29 12:19 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-30 17:32 - 2018-09-13 12:30 - 000003482 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-30 17:32 - 2018-09-13 12:09 - 000003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-30 17:32 - 2018-09-13 12:09 - 000003260 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-30 17:32 - 2018-09-12 17:25 - 000002146 _____ C:\Windows\System32\Tasks\StartCN
2019-01-30 17:32 - 2018-09-12 17:25 - 000000000 ____D C:\Users\Ai Ren
2019-01-30 16:31 - 2018-09-12 17:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-30 15:18 - 2018-11-29 12:18 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-30 00:10 - 2018-09-12 19:34 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\vlc
2019-01-29 23:56 - 2018-09-13 12:40 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
2019-01-29 18:48 - 2018-09-12 17:30 - 000000000 ___RD C:\Users\Ai Ren\OneDrive
2019-01-29 18:48 - 2018-09-12 17:25 - 000002366 _____ C:\Users\Ai Ren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-29 12:52 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-01-26 19:16 - 2018-10-21 08:42 - 000000000 ____D C:\Users\Ai Ren\Desktop\Movie
2019-01-25 12:43 - 2018-09-18 19:14 - 000000000 ____D C:\Users\Ai Ren\Desktop\Misc
2019-01-25 09:55 - 2018-09-12 17:17 - 001673686 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-25 09:55 - 2018-04-12 10:18 - 000736008 _____ C:\Windows\system32\perfh00A.dat
2019-01-25 09:55 - 2018-04-12 10:18 - 000144308 _____ C:\Windows\system32\perfc00A.dat
2019-01-25 09:55 - 2018-04-11 17:36 - 000000000 ____D C:\Windows\INF
2019-01-23 13:06 - 2018-11-16 14:41 - 000000000 ____D C:\Program Files\rempl
2019-01-21 11:08 - 2018-09-13 18:13 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Schreiben
2019-01-20 19:37 - 2018-09-13 18:13 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Ebooks
2019-01-20 19:28 - 2018-04-11 17:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-19 13:02 - 2018-09-24 19:22 - 000000000 ____D C:\Users\Ai Ren\Desktop\Spiegel
2019-01-19 09:41 - 2018-11-29 12:17 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 23:45 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\TextInput
2019-01-16 23:44 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\bcastdvr
2019-01-15 10:19 - 2018-09-13 12:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-14 11:00 - 2018-09-12 17:26 - 000000000 ____D C:\Users\Ai Ren\AppData\Local\Packages
2019-01-13 18:55 - 2018-09-13 18:13 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Gabriel
2019-01-13 18:54 - 2018-09-14 08:05 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Yoga
2019-01-13 18:52 - 2018-09-13 18:15 - 000000000 ___RD C:\Users\Ai Ren\Desktop\Spirit
2019-01-13 14:38 - 2018-09-25 19:14 - 000000000 ____D C:\Users\Ai Ren\Desktop\Nueva carpeta
2019-01-12 07:47 - 2018-09-12 19:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-11 23:44 - 2018-09-13 12:38 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-01-11 23:44 - 2018-09-12 17:03 - 000416496 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-08 15:10 - 2018-09-12 18:03 - 000000000 ____D C:\Windows\system32\MRT
2019-01-08 15:05 - 2018-09-12 18:03 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 15:01 - 2018-04-11 17:38 - 000000167 _____ C:\Windows\win.ini
2019-01-08 13:59 - 2018-11-05 17:42 - 000000000 ____D C:\Program Files (x86)\SoulseekQt
2019-01-07 13:33 - 2018-11-29 12:17 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-07 13:33 - 2018-11-29 12:17 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2019-01-07 13:33 - 2018-04-11 17:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-01-07 13:32 - 2018-11-29 12:17 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-07 13:32 - 2018-11-29 12:17 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-04 10:56 - 2018-09-13 12:17 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-04 10:43 - 2018-09-13 12:37 - 000000000 ____D C:\ProgramData\Panda Security
2019-01-04 10:40 - 2018-09-13 12:39 - 000000000 ____D C:\Users\Ai Ren\AppData\Roaming\Panda Security
2019-01-03 13:30 - 2018-09-13 18:17 - 000000000 ____D C:\Users\Ai Ren\Desktop\Unter Elfen
2019-01-02 13:41 - 2018-04-11 17:41 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-02 13:41 - 2018-04-11 17:41 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-09-25 19:24 - 2018-09-25 19:30 - 000002437 _____ () C:\Users\Ai Ren\AppData\Roaming\vidiot.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-12 17:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Ai Ren (30-01-2019 18:12:41)
Running from C:\Users\Ai Ren\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-09-12 23:15:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1397950433-2231159717-305910240-500 - Administrator - Disabled)
Ai Ren (S-1-5-21-1397950433-2231159717-305910240-1001 - Administrator - Enabled) => C:\Users\Ai Ren
DefaultAccount (S-1-5-21-1397950433-2231159717-305910240-503 - Limited - Disabled)
Invitado (S-1-5-21-1397950433-2231159717-305910240-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1397950433-2231159717-305910240-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{71640766-157F-4DE8-B45F-69B76B0F5FCE}) (Version: 3.31.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{31CBAB2C-ED4B-403C-8933-192833FEB2C6}) (Version: 12.10.49.21 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0 (x64 es-ES)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.6 - Panda Security)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SoulseekQt Version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.00 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-07] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A6BB48-5FD0-4BBA-B7FA-ED1651E0974C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {0D235CCC-FDF6-423F-8B6D-8A31EEA94BBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {0D8D4254-00F1-4320-9A64-A301DA0E074F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
Task: {23CA6A52-D869-4647-886E-A28C5322E767} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {317865A6-FDB6-4371-BE01-5D4B0F46763C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4E6F49F0-46BA-42A0-AA1C-997B1BC1B262} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-11-21] (HP Inc.)
Task: {5EADC56E-5790-4DB7-8979-093D4D1307E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {64F60534-A4A8-41B3-8EC6-641CDAD4DC9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {70F39B26-D31C-46D9-AD3C-95F53F3DDDE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {7976FA17-682E-4506-8111-1BE403154BDE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8092DD21-85E6-40A2-97A3-4D111CC4DEBC} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {8AC5DAB6-8A79-40FC-9D67-1D0EF3297800} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-07] (AVAST Software)
Task: {9C9F6791-7AD4-47DF-B4A1-C8DA5666E713} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {9E434953-9B5F-44D2-9E82-E971E7F1B1D3} - no filepath
Task: {BEEE6F26-28AA-4554-8106-A66CD52856D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software)
Task: {C87AA8D4-E313-46B8-8E9D-5AC33A3FF841} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
Task: {DA1F92F7-96B2-45B1-BA04-F06BD5D881EA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E17244E0-B741-430A-B4AD-F2AD6221478E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {FBD4B5DB-E402-42E9-9615-005984AE5E06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-03-16 14:19 - 2018-03-16 14:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 11:37 - 2018-11-08 20:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-12 07:54 - 2019-01-01 00:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-07 13:33 - 2019-01-07 13:33 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-07 13:32 - 2019-01-07 13:32 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-12-13 12:34 - 2018-12-11 23:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-13 12:34 - 2018-12-11 23:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-10-03 20:42 - 2018-10-03 20:43 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 17:56 - 2019-01-30 17:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1397950433-2231159717-305910240-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 17:38 - 2019-01-10 22:16 - 000000845 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1397950433-2231159717-305910240-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ai Ren\Desktop\Misc\Wallpapers\209102.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D64CED02-A484-4D82-B3C9-F661D7BA01CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{586AE64D-49CF-4C54-8421-F6BC2E0A61EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{88AC7048-C079-4A63-9E2F-F46896921AF5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{0F53EBE2-A358-47E1-8DE9-9718DB239F3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{38EF11F2-3CD7-4A89-921C-022A662BCD68}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{388280CE-3E3C-493E-B8DB-A3D58E9D5D55}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C10AA53A-C9BA-4F0A-8C4C-F2738DC2A7E0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{B5BBC23E-9BFD-404C-8615-3DF888428D92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{2A1AA347-6C3D-410F-B3E5-3EEBF17B7890}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{7EBCF8AB-752D-49D4-8F4E-86F073FB10BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{082DEECF-A6C1-41C6-AB1C-CB3EA82F115F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{0CF78A6C-D792-4FC5-AF7E-DD8EC7824532}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{BEACC639-ECC0-438A-8816-CB88A24FF6AE}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{00ECCF8C-7B26-4B7B-A231-82ECADDDA5A8}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [{A6C0675E-2394-48E1-BDC3-7E4ABEA4C2D2}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [TCP Query User{D6287A11-39D1-488E-9701-D5E40A73E8B0}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe ()
FirewallRules: [UDP Query User{CA6FF611-EC16-4521-A288-3F43A4F13805}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe ()
FirewallRules: [{8E4C19C9-2A7A-4E1E-9470-8A6FD3FEEE03}] => (Allow) C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{2D3A7E33-AE51-49EC-9AB3-9FF747757AA2}] => (Allow) C:\Users\Ai Ren\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{9BC3B355-6997-4778-A7BC-8BA22437D461}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [UDP Query User{9684E459-2AA4-4B6B-8660-B3BCFADC0DFA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [{F39FAEF1-D936-4A58-9898-94D946B4EE4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{34F5581D-E09C-4DF0-B03F-5E355916BD4E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{6D686BCA-8C83-4EC0-9FF4-0AA0B5B9A4B4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

12-01-2019 07:40:27 Windows Update
15-01-2019 19:04:04 Windows Update
20-01-2019 19:24:54 Windows Update
20-01-2019 19:26:35 Windows Update
28-01-2019 21:19:59 Punto de control programado

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2019 05:50:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: HiJackThis_v2.8.0.4.exe, versión: 2.8.0.4, marca de tiempo: 0x5a78ace1
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.471, marca de tiempo: 0xfe852bc4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00043f31
Identificador del proceso con errores: 0x28a0
Hora de inicio de la aplicación con errores: 0x01d4b8f662f4e84f
Ruta de acceso de la aplicación con errores: C:\Users\Ai Ren\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\7b4e384f5b096b9656fee276ba88bb81\HiJackThis_v2.8.0.4.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: 422584f4-e142-473d-b2b1-3c9fdfdfe121
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (01/30/2019 05:32:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa MicrosoftEdgeCP.exe, versión 11.0.17134.523, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 2d8
Hora de inicio: 01d4b8f3ec1186eb
Hora de finalización: 0
Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Identificador de informe: 0e155bd6-df11-42d2-863f-d319f8f510be
Nombre completo de paquete con errores: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: ContentProcess

Error: (01/30/2019 04:31:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1161422

Error: (01/30/2019 04:31:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1161422

Error: (01/30/2019 04:31:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2019 04:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1734

Error: (01/30/2019 04:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1734

Error: (01/30/2019 04:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (01/30/2019 05:54:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L4LOS3C)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario DESKTOP-L4LOS3C\Ai Ren con SID (S-1-5-21-1397950433-2231159717-305910240-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible).
Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/30/2019 05:44:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Agente de supervisión en tiempo de ejecución de Protección del sistema no respondió después de iniciar.

Error: (01/30/2019 05:42:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Administrador de mapas descargado no respondió después de iniciar.

Error: (01/30/2019 05:41:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible).
Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/30/2019 05:40:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio HP Support Solutions Framework Service no respondió después de iniciar.

Error: (01/30/2019 05:38:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Optimización de entrega no respondió después de iniciar.

Error: (01/30/2019 05:35:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L4LOS3C)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario DESKTOP-L4LOS3C\Ai Ren con SID (S-1-5-21-1397950433-2231159717-305910240-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible).
Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/30/2019 05:32:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de usuario de notificaciones de inserción de Windows_4a57f terminó inesperadamente. Esto se ha repetido 3 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Windows Defender:
===================================
Date: 2019-01-11 23:48:11.980
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.980
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.979
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.962
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-01-11 23:48:11.961
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.275.1129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual:
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

CodeIntegrity:
===================================
Date: 2019-01-30 18:04:45.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:45.111
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:30.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:30.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:28.979
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:04:28.976
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:01:51.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-30 18:01:51.151
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 67%
Total physical RAM: 3551.03 MB
Available physical RAM: 1163.63 MB
Total Virtual: 7263.03 MB
Available Virtual: 4619.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:349.89 GB) NTFS
\\?\Volume{003d6b10-ffa6-4795-b309-27528671b725}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{a2302373-f448-4c21-97ab-56c108794233}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 045B4842)
Partition: GPT.

==================== End of Addition.txt ============================ | 
|  31.01.2019, 01:56 | #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught a virus
Quote:
 Nothing against AMD, but this CPU is simply total garbage; see https://www.cpubenchmark.net/cpu.php...MD+A6-7310+APU
Average CPU Mark 2663
Single Thread Rating 901
Nothing can ever have run really fast on this hardware, least of all Windows.
First try this:
1. Completely uninstall the crappy virus scanner avast and use only Windows Defender; it should be activated automatically once avast has been uninstalled.
2. Replace Google Chrome with Mozilla Firefox.
				__________________ | 
|  | 