bbfreak430 | 17.09.2016 20:50 | FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
durchgeführt von gernot4 (Administrator) auf GERNOT3 (17-09-2016 21:42:14)
Gestartet von H:\chess
Geladene Profile: gernot4 & postgres (Verfügbare Profile: gernot4 & postgres)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AO Kaspersky Lab) C:\ProgramData\Kaspersky Lab\AVP16.0.1\Temp\temporaryFolder\updates\bin\kav16\mr1\16.0.1.445_kis_e\avpui.exe.8853_2553_4126.removeOnNextReboot
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Dominik Reichl) D:\KeePass Password Safe\KeePass.exe
() C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSRecorder.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Foundation) D:\flopzilla neu\crashreporter.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Foundation) D:\flopzilla neu\crashreporter.exe
(Mozilla Foundation) D:\flopzilla neu\crashreporter.exe
(ChessBase GmbH) C:\Program Files\ChessBase\CBase13\CBase13.exe
(Mozilla Foundation) D:\flopzilla neu\crashreporter.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Foundation) D:\flopzilla neu\crashreporter.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Foundation) D:\flopzilla neu\crashreporter.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Mozilla Corporation) D:\flopzilla neu\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.23941.0_x64__8wekyb3d8bbwe\Video.UI.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [892536 2015-07-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [VizzedRgrPluginServiceLoader] => C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe [40448 2015-11-27] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Run: [KeePass Password Safe] => D:\KeePass Password Safe\KeePass.exe [2166272 2014-10-01] (Dominik Reichl)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Run: [Boxcryptor.exe] => D:\download1\boxcryptor\Boxcryptor.exe [2506848 2016-02-23] (Secomba GmbH)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Run: [MP3 Skype recorder] => C:\Users\gernot4\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2223768 2016-05-06] (Domit UK LTD)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29502592 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\MountPoints2: {e5aa8509-7e26-11e4-be65-806e6f6e6963} - "E:\Autorun.exe"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29502592 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1005\...\Run: [KeePass Password Safe] => D:\KeePass Password Safe\KeePass.exe [2166272 2014-10-01] (Dominik Reichl)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs5 - {83A1A604-7AE5-44F6-B1A5-50D168F8AFBC} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {83A1A604-7AE5-44F6-B1A5-50D168F8AFBC} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt0"] -> {3F72D166-F72C-4233-8DFF-C1AE9912EE00} => D:\download1\boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt1"] -> {2C98CA8D-A52F-45E3-AE6E-2A92C8BAE147} => D:\download1\boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {2A29B9BC-333E-4476-B063-AA674DD99FEC} => D:\download1\boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt3"] -> {5793C07F-7534-47F2-B937-FCEA34318D5C} => D:\download1\boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt8"] -> {997CC261-6729-4956-A09B-818EA137FFE9} => D:\download1\boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt9"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => D:\download1\boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Keine Datei
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {1F5FAC28-6777-4A94-BA2B-C01E7E86D7C9} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-10-04] (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt0"] -> {3F72D166-F72C-4233-8DFF-C1AE9912EE00} => D:\download1\boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt1"] -> {2C98CA8D-A52F-45E3-AE6E-2A92C8BAE147} => D:\download1\boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {2A29B9BC-333E-4476-B063-AA674DD99FEC} => D:\download1\boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt3"] -> {5793C07F-7534-47F2-B937-FCEA34318D5C} => D:\download1\boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt8"] -> {997CC261-6729-4956-A09B-818EA137FFE9} => D:\download1\boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt9"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => D:\download1\boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2016-02-23] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {1F5FAC28-6777-4A94-BA2B-C01E7E86D7C9} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2015-10-04] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70
Tcpip\..\Interfaces\{625bd8c0-8c01-42e2-a723-e9754b2fedbf}: [DhcpNameServer] 213.33.99.70 80.120.17.70
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
FireFox:
========
FF ProfilePath: C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2015-11-27] (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default\user.js [2014-12-07]
FF Extension: (Firefox Hotfix) - C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF Extension: (MEGA) - C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default\Extensions\firefox@mega.co.nz.xpi [2016-09-14]
FF Extension: (EPUBReader) - C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-08-16]
FF Extension: (Video DownloadHelper) - C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-17]
FF Extension: (Adblock Plus) - C:\Users\gernot4\AppData\Roaming\Mozilla\Firefox\Profiles\vcz8pqsp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-16] (BlueStack Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-08-10] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-07-16] (BlueStack Systems)
R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-10-04] (EldoS Corporation)
U0 cfkovin; C:\Windows\System32\drivers\qfpwoi.sys [79064 2016-08-24] (Malwarebytes)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-11] (Disc Soft Ltd)
U0 haaxhl; C:\Windows\System32\drivers\xury.sys [79064 2016-09-17] (Malwarebytes)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [237400 2016-08-19] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-08-17] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [992600 2016-08-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-08-19] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [110424 2016-08-19] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-08-08] ()
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-09-17] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2015-10-04] (EldoS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-09-17 21:41 - 2016-09-17 21:42 - 00000000 ____D C:\FRST
2016-09-17 01:02 - 2016-09-17 01:02 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\xury.sys
2016-09-01 22:30 - 2016-09-01 22:30 - 00001765 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-09-01 22:29 - 2016-09-01 22:30 - 04619752 _____ (Piriform Ltd) C:\Users\gernot4\Downloads\dfsetup221.exe
2016-09-01 22:24 - 2016-09-01 22:24 - 00001152 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-08-30 14:09 - 2016-09-16 23:45 - 00000096 ____H C:\Users\gernot4\Desktop\.~lock.tp 2014.xls#
2016-08-24 01:01 - 2016-08-24 01:01 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\qfpwoi.sys
2016-08-19 20:10 - 2016-09-16 23:46 - 00000096 ____H C:\Users\gernot4\Desktop\.~lock.FK.ods#
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-09-17 21:41 - 2014-12-07 23:51 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-17 21:29 - 2016-03-04 04:12 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-17 20:40 - 2014-12-07 17:45 - 00000000 ___HD C:\Users\gernot4\AppData\Roaming\Skype
2016-09-17 20:37 - 2016-04-23 13:03 - 00000000 ____D C:\Users\gernot4\AppData\Local\ClassicShell
2016-09-17 19:46 - 2014-12-08 14:19 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{978AAE05-0ED6-4C2F-93AC-36C0DCBBEA40}
2016-09-17 17:54 - 2016-04-01 23:01 - 00000000 ____D C:\Users\gernot4\AppData\Roaming\vlc
2016-09-17 11:26 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-17 11:20 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-17 03:56 - 2014-12-07 17:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-17 01:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Web
2016-09-17 00:10 - 2014-12-08 12:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-16 23:46 - 2014-12-09 16:33 - 00014067 ____H C:\Users\gernot4\Desktop\FK.ods
2016-09-16 23:45 - 2015-01-20 03:52 - 00014336 _____ C:\Users\gernot4\Desktop\tp 2014.xls
2016-09-16 22:29 - 2016-03-04 04:12 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 01:18 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 01:15 - 2015-05-13 09:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-15 01:11 - 2014-12-07 18:18 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-14 12:30 - 2016-03-14 20:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-13 23:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 23:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 05:21 - 2016-04-23 12:55 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-13 05:21 - 2016-02-13 18:59 - 00776562 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-13 05:21 - 2016-02-13 18:59 - 00155874 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-13 05:21 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-12 17:13 - 2014-12-07 17:39 - 00000000 ___HD C:\Users\gernot4\AppData\Local\Packages
2016-09-09 23:40 - 2016-07-19 06:32 - 00018338 _____ C:\Users\gernot4\Desktop\schachtermine.ods
2016-09-07 13:10 - 2016-02-04 18:20 - 00003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1454602821
2016-09-07 13:10 - 2016-02-04 18:20 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-07 13:10 - 2016-02-04 18:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 03:00 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:00 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-02 00:47 - 2016-05-18 15:14 - 00000000 ____D C:\Users\gernot4\AppData\Roaming\TeamViewer
2016-09-02 00:47 - 2015-03-26 19:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-01 22:26 - 2014-12-07 18:07 - 00000000 ____D C:\ProgramData\TEMP
2016-09-01 22:25 - 2014-12-07 18:07 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-09-01 22:24 - 2014-12-07 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-09-01 06:42 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-24 01:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PLA
2016-08-22 15:38 - 2016-07-25 05:22 - 00000000 ____D C:\Users\gernot4\Desktop\PDF
2016-08-19 11:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-19 05:31 - 2016-03-04 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-19 03:56 - 2016-02-28 08:25 - 00992600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-08-19 03:56 - 2015-07-04 03:18 - 00237400 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-08-19 03:56 - 2015-06-27 00:58 - 00087984 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-08-19 03:56 - 2015-06-16 22:56 - 00110424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-09-13 20:55 - 2015-09-13 20:55 - 0984576 _____ () C:\Program Files\stockfish_15091020_x64_bmi2.exe
2016-03-25 18:40 - 2016-03-25 18:40 - 0005120 _____ () C:\Users\gernot4\AppData\Roaming\GiftBag.db
2016-02-28 03:41 - 2016-03-14 01:41 - 0000144 _____ () C:\Users\gernot4\AppData\Roaming\WB.CFG
2015-01-05 00:10 - 2015-01-05 00:14 - 0015233 ____H () C:\Users\gernot4\AppData\Roaming\winboard47.ini
2016-04-23 12:47 - 2016-04-23 12:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-08 02:25 - 2014-12-08 02:25 - 0004130 _____ () C:\ProgramData\kmytnfun.aqy
2016-02-28 00:50 - 2016-02-28 00:50 - 0005091 _____ () C:\ProgramData\updkbqqg.iqa
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-09-09 13:06
==================== Ende von FRST.txt ============================
FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-09-2016
durchgeführt von gernot4 (17-09-2016 21:42:40)
Gestartet von H:\chess
Windows 10 Pro Version 1511 (X64) (2016-04-23 10:55:45)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4126793157-3628572979-2460973976-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4126793157-3628572979-2460973976-503 - Limited - Disabled)
Gast (S-1-5-21-4126793157-3628572979-2460973976-501 - Limited - Disabled)
gernot4 (S-1-5-21-4126793157-3628572979-2460973976-1001 - Administrator - Enabled) => C:\Users\gernot4
HomeGroupUser$ (S-1-5-21-4126793157-3628572979-2460973976-1003 - Limited - Enabled)
postgres (S-1-5-21-4126793157-3628572979-2460973976-1005 - Limited - Enabled) => C:\Users\postgres
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
µTorrent (HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.35 beta (HKLM-x32\...\7-Zip) (Version: - )
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Apowersoft Video Converter Studio V4.4.5 (HKLM-x32\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.4.5 - APOWERSOFT LIMITED)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlackChipPoker (HKLM-x32\...\FE4D6F94-B3D5-484b-94F7-8BC45DEB7A82) (Version: 16.6 - IGSoft)
BlueStacks Notification Center (HKLM-x32\...\{09D96B90-87D9-410A-A1E8-BF2F2CF6394A}) (Version: 0.9.34.4278 - BlueStack Systems, Inc.)
bob internet (HKLM-x32\...\bob internet) (Version: 1.17.0.0 - A1 Telekom Austria AG)
bob internet (x32 Version: 1.17.0.0 - A1 Telekom Austria AG) Hidden
Boilsoft Video Converter 3.01 (HKLM-x32\...\{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1) (Version: - Boilsoft. Inc.)
Boxcryptor 2.2 (HKLM-x32\...\{B442E691-A52D-4AFA-B2ED-D9D075A2E344}) (Version: 2.2.419.277 - Secomba GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
ChessBase 13 64-bit (HKLM\...\{DC2A2AB5-1DFB-4DFA-889A-2735543DC636}) (Version: 13.1.0.0 - ChessBase)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dasher (HKLM-x32\...\Dasher) (Version: - Internet Chess Club)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
FastStone Capture 8.4 (HKLM-x32\...\FastStone Capture) (Version: 8.4 - FastStone Soft)
Flopzilla (HKLM-x32\...\{076ED4AA-E331-4029-9447-17792194C3DB}) (Version: 1.6.9 - Flopzilla)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.26.4.WIN.FullTilt.EU - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Holdem Manager (HKLM\...\HoldemManager) (Version: - )
HoldEq (HKLM-x32\...\{BDBB769F-C1BC-4DD9-9249-64ECB3975440}) (Version: 1.0.5 - HoldEq)
ICMIZER (HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\3972908725.www.icmpoker.com) (Version: - www.icmpoker.com)
ICMIZER (HKU\S-1-5-21-4126793157-3628572979-2460973976-1005\...\3972908725.www.icmpoker.com) (Version: - www.icmpoker.com)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
KeePass Password Safe 1.28 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.28 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movavi SWF to Video Converter (HKLM-x32\...\Movavi SWF to Video Converter) (Version: 1.0.1.0 - MOVAVI)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Firefox 48.0.2 (x86 de) (HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{D16F8C68-9F13-425F-A624-3C997D21879E}) (Version: 4.22.1.0 - Domit LTD)
NetBet Poker (HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\Netbet Poker) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 39.0.2256.71 (HKLM-x32\...\Opera 39.0.2256.71) (Version: 39.0.2256.71 - Opera Software)
Perfect Uninstaller v6.3.4.0 (HKLM\...\Perfect Uninstaller_is1) (Version: - www.PerfectUninstaller.com)
Peshka 6 (HKLM-x32\...\Peshka 6_is1) (Version: - )
PlayChess (HKLM-x32\...\PlayChess) (Version: - ChessBase GmbH)
PokerHost (HKLM-x32\...\9A34834F-A780-4968-A961-BA69F3D77746) (Version: 16.6 - IGSoft)
PokerKing (HKLM-x32\...\496A04E7-2038-427a-AA40-B32DDB67EC74) (Version: 16.6 - IGSoft)
PokerSnowie (HKLM-x32\...\PokerSnowie_is1) (Version: - Snowie Games Ltd)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version: - )
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SequoiaView (HKLM-x32\...\SequoiaView) (Version: - )
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Vizzed Retro Game Room (HKLM-x32\...\{FF6F50C5-823C-435B-83B8-52559BB6DA09}) (Version: 2.41 - Vizzed)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
XMedia Recode Version 3.3.0.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.0.0 - XMedia Recode)
XviD MPEG-4 Video Codec (HKLM-x32\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0DDD62C8-9837-426F-A1DE-4A94313A63A4} - System32\Tasks\{B2A119BA-3D9E-41A6-AA28-F6CCBA389386} => pcalua.exe -a D:\download1\Anno1503Calculator.exe -d D:\download1
Task: {223A267E-10A6-4F47-8853-03D0A749FB12} - System32\Tasks\{39D6B0FC-C46C-4A57-8534-20B132FBF5D5} => pcalua.exe -a F:\AnnoFinder.exe -d F:\
Task: {3294ABE5-A154-4757-99AD-B5449FB125CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {4EB3A47A-0CE7-4DE9-AA73-D497898C6216} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {69B848BB-2E89-4C01-8F7C-66BED3ACCA3F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {6DE227D7-C4A8-4A75-A384-397BB366AC30} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {73EFB3A1-8201-4EFE-B99E-746324F5F9CC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {77FDCE91-AE54-4250-B7E9-17324F55EC11} - System32\Tasks\Opera scheduled Autoupdate 1454602821 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-05] (Opera Software)
Task: {95DBB0B3-1D6D-470D-98C4-027A75108954} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9FD3E366-8707-4E8A-A162-62BB6B3F33B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {A652AD7B-BDC0-41AD-9339-F71FE4E4CF36} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B449AC98-3AF0-4972-AFB0-C312284CDB36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {D7319A23-AFF4-4EC8-A8C5-7AC692AC2F85} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E106E3DE-9993-45C8-80E6-1F8C5F13B73A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {E1E0B658-0178-47AA-A326-ECE04C9B12C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {E4F45454-DD24-4326-8E11-DFB1EEC0B933} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {E7DA7EE2-5D24-40E8-9A53-18EBA8A779A8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EF516988-38A8-4198-9A90-0D93E24344DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {F05C59CE-1051-4551-99C1-39C16FE7FCE2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F6A3A6B7-1289-4C9C-95B0-97A7E4E0C08C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\gernot4\Desktop\poker\ICMIZER.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 3972908725.www.icmpoker.com
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 06:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 06:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-23 13:46 - 2016-04-23 13:46 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 06:50 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 06:49 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 06:49 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 06:49 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 06:49 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-27 11:58 - 2015-11-27 11:58 - 00040448 _____ () C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe
2016-08-16 11:07 - 2016-08-16 11:08 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 11:07 - 2016-08-16 11:08 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 19:35 - 2016-06-03 19:35 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-04-23 13:32 - 2016-04-23 13:33 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2014-12-08 14:03 - 2014-02-18 10:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2014-12-08 14:03 - 2012-08-14 15:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2016-04-23 13:46 - 2016-04-23 13:46 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-23 13:46 - 2016-04-23 13:47 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-12-08 13:52 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-13 10:27 - 2014-08-13 10:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\vizzed.com -> www.vizzed.com
Da befinden sich 6091 mehr Seiten.
Da befinden sich 6088 mehr Seiten.
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2015-10-08 00:26 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-4126793157-3628572979-2460973976-1005\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.33.99.70 - 80.120.17.70
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "Boxcryptor.exe"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-4126793157-3628572979-2460973976-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{14D1DA8A-28DC-4A55-BA37-5ACA6F9890EA}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{86294B56-714F-4B14-89E6-CBDF9059CD17}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{3B3BFCA7-92B6-41D7-9C9A-A03DD74916A5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{3D303B7F-E011-4C7C-93F1-B35CD068DC3D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{2065E078-F5AF-40C3-B4C2-298E3401D703}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5BBC6D6E-F338-400D-9D8B-20D669696818}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{B8C1ADDD-CEBA-4B86-9EDA-EAD6E405E691}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{82ACD3B4-A324-4BFB-9FDC-E65171D867E7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D80BABB6-6AB1-4CD3-8910-B7D79D5112B0}] => (Allow) D:\flopzilla neu\firefox.exe
FirewallRules: [{C8134A14-7645-4481-8C27-9C9EF476E210}] => (Allow) D:\flopzilla neu\firefox.exe
FirewallRules: [{2A46C05C-0B91-4661-A46D-DAA55CBBC83B}] => (Allow) LPort=5432
FirewallRules: [TCP Query User{26BA8E30-4396-4930-83A1-AC7DDD02741C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{41505C8F-031E-4094-B24D-0EFA7BE06CC1}C:\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [UDP Query User{0E005B0D-957B-4A8E-AA9D-23834FD65166}C:\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [{2A2E6DC2-0FA6-4534-A06D-E14ADCF8CECE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EB75E52A-C04F-4846-AEE8-6F7585125DC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{115A1F59-167E-476A-A24C-6729249C294D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{17FF678E-7A25-4B9F-BAAC-B89D48FF5B7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/17/2016 04:55:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628
Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efe5
ID des fehlerhaften Prozesses: 0x6be0
Startzeit der fehlerhaften Anwendung: 0x01d210ad760e01e5
Pfad der fehlerhaften Anwendung: D:\flopzilla neu\plugin-container.exe
Pfad des fehlerhaften Moduls: D:\flopzilla neu\mozglue.dll
Berichtskennung: 0a8ba163-6f8e-4249-a3f1-dc5945a519f7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/17/2016 04:58:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 48.0.2.6079 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 6f3c
Startzeit: 01d2107df3a52333
Beendigungszeit: 4294967295
Anwendungspfad: D:\flopzilla neu\firefox.exe
Berichts-ID: 9369a035-7c82-11e6-be9f-94de80ba238d
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (09/17/2016 04:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628
Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efe5
ID des fehlerhaften Prozesses: 0x615c
Startzeit der fehlerhaften Anwendung: 0x01d21087be60281e
Pfad der fehlerhaften Anwendung: D:\flopzilla neu\plugin-container.exe
Pfad des fehlerhaften Moduls: D:\flopzilla neu\mozglue.dll
Berichtskennung: eaf0983c-e8e4-4151-a6be-1a83d2fc60e1
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/17/2016 03:05:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: gernot3)
Description: Das Paket „Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (09/17/2016 02:53:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 48.0.2.6079 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 6cdc
Startzeit: 01d21031b8d648d8
Beendigungszeit: 4294967295
Anwendungspfad: D:\flopzilla neu\firefox.exe
Berichts-ID: 2f049c39-7c71-11e6-be9f-94de80ba238d
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (09/17/2016 02:53:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628
Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efe5
ID des fehlerhaften Prozesses: 0x7050
Startzeit der fehlerhaften Anwendung: 0x01d210677b1f375d
Pfad der fehlerhaften Anwendung: D:\flopzilla neu\plugin-container.exe
Pfad des fehlerhaften Moduls: D:\flopzilla neu\mozglue.dll
Berichtskennung: c97808c2-9fb8-43e0-bf91-4340b95b0e97
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/16/2016 05:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628
Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efe5
ID des fehlerhaften Prozesses: 0x5380
Startzeit der fehlerhaften Anwendung: 0x01d20fad2685bdfb
Pfad der fehlerhaften Anwendung: D:\flopzilla neu\plugin-container.exe
Pfad des fehlerhaften Moduls: D:\flopzilla neu\mozglue.dll
Berichtskennung: 2a3eb8f4-8799-4cb4-aca0-ecc55703eeb2
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/15/2016 11:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628
Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efe5
ID des fehlerhaften Prozesses: 0x6548
Startzeit der fehlerhaften Anwendung: 0x01d20f86be3b120c
Pfad der fehlerhaften Anwendung: D:\flopzilla neu\plugin-container.exe
Pfad des fehlerhaften Moduls: D:\flopzilla neu\mozglue.dll
Berichtskennung: 5b7c2d38-4dc5-4330-b71d-5b86f5a8d6b8
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/15/2016 11:51:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 48.0.2.6079 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 614c
Startzeit: 01d20f63819c37e0
Beendigungszeit: 4294967295
Anwendungspfad: D:\flopzilla neu\firefox.exe
Berichts-ID: 86ad7a24-7b8e-11e6-be9f-94de80ba238d
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (09/15/2016 05:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628
Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efe5
ID des fehlerhaften Prozesses: 0x64e0
Startzeit der fehlerhaften Anwendung: 0x01d20f44292ecb3d
Pfad der fehlerhaften Anwendung: D:\flopzilla neu\plugin-container.exe
Pfad des fehlerhaften Moduls: D:\flopzilla neu\mozglue.dll
Berichtskennung: 242b91dc-6fa5-40fd-aac3-a9924a870c4b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (09/13/2016 03:43:11 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR12.
Error: (09/13/2016 03:43:01 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR12.
Error: (09/13/2016 03:42:17 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR12.
Error: (09/13/2016 03:37:19 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR12.
Error: (09/06/2016 10:51:03 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR11.
Error: (09/06/2016 10:50:59 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR11.
Error: (09/06/2016 10:50:03 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR11.
Error: (09/06/2016 10:49:59 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR11.
Error: (09/06/2016 05:25:30 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR11.
Error: (09/06/2016 05:25:26 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR11.
CodeIntegrity:
===================================
Date: 2016-09-15 03:48:38.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-02 04:42:08.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-17 22:45:00.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-11 03:54:06.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-22 04:45:16.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-21 06:50:23.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-21 06:48:27.713
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-14 03:16:07.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-02 23:04:59.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-01 21:59:56.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 66%
Installierter physikalischer RAM: 8080.14 MB
Verfügbarer physikalischer RAM: 2702.91 MB
Summe virtueller Speicher: 12793.17 MB
Verfügbarer virtueller Speicher: 2101.79 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:110.39 GB) (Free:23.63 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:664.77 GB) NTFS
Drive h: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:108.56 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 0F3B3692)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 37681EA8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
--- --- ---
Code:
21:49:28.0185 0x6144 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31
21:49:28.0185 0x6144 UEFI system
21:51:54.0808 0x6144 ============================================================
21:51:54.0808 0x6144 Current date / time: 2016/09/17 21:51:54.0808
21:51:54.0809 0x6144 SystemInfo:
21:51:54.0809 0x6144
21:51:54.0809 0x6144 OS Version: 10.0.10586 ServicePack: 0.0
21:51:54.0809 0x6144 Product type: Workstation
21:51:54.0809 0x6144 ComputerName: GERNOT3
21:51:54.0810 0x6144 UserName: gernot4
21:51:54.0810 0x6144 Windows directory: C:\WINDOWS
21:51:54.0810 0x6144 System windows directory: C:\WINDOWS
21:51:54.0810 0x6144 Running under WOW64
21:51:54.0810 0x6144 Processor architecture: Intel x64
21:51:54.0810 0x6144 Number of processors: 4
21:51:54.0810 0x6144 Page size: 0x1000
21:51:54.0810 0x6144 Boot type: Normal boot
21:51:54.0810 0x6144 CodeIntegrityOptions = 0x00000001
21:51:54.0810 0x6144 ============================================================
21:51:54.0921 0x6144 KLMD registered as C:\WINDOWS\system32\drivers\50553581.sys
21:51:54.0921 0x6144 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.545, osProperties = 0x19
21:51:55.0040 0x6144 System UUID: {1C42954E-6998-B906-69D4-557BD1BEB9FD}
21:51:55.0361 0x6144 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:51:55.0361 0x6144 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:51:55.0362 0x6144 Drive \Device\Harddisk2\DR15 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:51:55.0363 0x6144 ============================================================
21:51:55.0363 0x6144 \Device\Harddisk0\DR0:
21:51:55.0363 0x6144 GPT partitions:
21:51:55.0364 0x6144 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1BDECB8A-011C-4D4A-9AEA-25F8E1DD1BD9}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
21:51:55.0364 0x6144 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {A769722C-6D84-42C9-B33A-99239595EEBD}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
21:51:55.0364 0x6144 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {3F762F7C-E358-458C-97CE-98DB01261871}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
21:51:55.0364 0x6144 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8F3B5627-1A14-4A60-AFB0-25C5D083715F}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0xDCCA000
21:51:55.0364 0x6144 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {254A93B6-42C3-4E3B-9691-BCA30667FFF3}, Name: , StartLBA 0xDDD2800, BlocksNum 0xE1000
21:51:55.0364 0x6144 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {79C21AF1-B892-4322-87E7-2C2B2EBAF068}, Name: , StartLBA 0xDEB3800, BlocksNum 0xE1000
21:51:55.0364 0x6144 MBR partitions:
21:51:55.0364 0x6144 \Device\Harddisk1\DR1:
21:51:55.0550 0x6144 MBR partitions:
21:51:55.0550 0x6144 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:51:55.0550 0x6144 \Device\Harddisk2\DR15:
21:51:55.0551 0x6144 MBR partitions:
21:51:55.0551 0x6144 \Device\Harddisk2\DR15\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
21:51:55.0551 0x6144 ============================================================
21:51:55.0553 0x6144 C: <-> \Device\Harddisk0\DR0\Partition4
21:51:55.0581 0x6144 D: <-> \Device\Harddisk1\DR1\Partition1
21:51:55.0669 0x6144 H: <-> \Device\Harddisk2\DR15\Partition1
21:51:55.0669 0x6144 ============================================================
21:51:55.0669 0x6144 Initialize success
21:51:55.0669 0x6144 ============================================================
21:52:52.0368 0x6564 ============================================================
21:52:52.0368 0x6564 Scan started
21:52:52.0368 0x6564 Mode: Manual; SigCheck; TDLFS;
21:52:52.0368 0x6564 ============================================================
21:52:52.0368 0x6564 KSN ping started
21:52:52.0423 0x6564 KSN ping finished: true
21:52:53.0332 0x6564 ================ Scan system memory ========================
21:52:53.0332 0x6564 System memory - ok
21:52:53.0332 0x6564 ================ Scan services =============================
21:52:53.0364 0x6564 1394ohci - ok
21:52:53.0367 0x6564 3ware - ok
21:52:53.0370 0x6564 ACPI - ok
21:52:53.0373 0x6564 acpiex - ok
21:52:53.0375 0x6564 acpipagr - ok
21:52:53.0377 0x6564 AcpiPmi - ok
21:52:53.0380 0x6564 acpitime - ok
21:52:53.0384 0x6564 [ A0CAC4F3F998173A8DC1E67E7E0345EF, D0C2F504A5059691EDBBA917D0C6260450A554A365C12E7747E48EE1668C51A5 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:52:53.0405 0x6564 AdobeARMservice - ok
21:52:53.0440 0x6564 [ 8FC33A20D54FB5CC7FBBA814B4E42A22, 707F61F0CEB9467D9BD1782868403BD53DB46EAB0342772661F370E5174AAD8C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:52:53.0449 0x6564 AdobeFlashPlayerUpdateSvc - ok
21:52:53.0453 0x6564 ADP80XX - ok
21:52:53.0457 0x6564 AFD - ok
21:52:53.0460 0x6564 agp440 - ok
21:52:53.0462 0x6564 ahcache - ok
21:52:53.0464 0x6564 AJRouter - ok
21:52:53.0467 0x6564 ALG - ok
21:52:53.0479 0x6564 [ 976966A13B587E2FEB883B516D868B6B, 8E95476EAFF9F75DE2DA85BD791AD8F5BE6EAC933C59DCC41B9F71860CA80868 ] Amazon 1Button App Service C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
21:52:53.0490 0x6564 Amazon 1Button App Service - ok
21:52:53.0493 0x6564 AmdK8 - ok
21:52:53.0496 0x6564 AmdPPM - ok
21:52:53.0498 0x6564 amdsata - ok
21:52:53.0501 0x6564 amdsbs - ok
21:52:53.0503 0x6564 amdxata - ok
21:52:53.0506 0x6564 AppID - ok
21:52:53.0508 0x6564 AppIDSvc - ok
21:52:53.0511 0x6564 Appinfo - ok
21:52:53.0513 0x6564 AppMgmt - ok
21:52:53.0515 0x6564 AppReadiness - ok
21:52:53.0518 0x6564 AppXSvc - ok
21:52:53.0521 0x6564 arcsas - ok
21:52:53.0523 0x6564 AsyncMac - ok
21:52:53.0525 0x6564 atapi - ok
21:52:53.0530 0x6564 [ B4BDE3F758A34658A37DFED3D9783CD8, BC9F6B9BDD639457894DE0F596AB3A655374E078796762FE5E8E5414F0481208 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
21:52:53.0539 0x6564 atksgt - ok
21:52:53.0544 0x6564 AudioEndpointBuilder - ok
21:52:53.0546 0x6564 Audiosrv - ok
21:52:53.0558 0x6564 [ 09F0E4D1F66C40AB770AD1540758C59E, 78591F6B94B5A5B9A6D434AC54A0BD5D606099A6FE48B25D17B2E01942CAEAE3 ] AVP16.0.1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
21:52:53.0567 0x6564 AVP16.0.1 - ok
21:52:53.0571 0x6564 AxInstSV - ok
21:52:53.0574 0x6564 b06bdrv - ok
21:52:53.0577 0x6564 BasicDisplay - ok
21:52:53.0579 0x6564 BasicRender - ok
21:52:53.0584 0x6564 bcmfn - ok
21:52:53.0587 0x6564 bcmfn2 - ok
21:52:53.0589 0x6564 BDESVC - ok
21:52:53.0591 0x6564 Beep - ok
21:52:53.0593 0x6564 BFE - ok
21:52:53.0595 0x6564 BITS - ok
21:52:53.0598 0x6564 bowser - ok
21:52:53.0600 0x6564 BrokerInfrastructure - ok
21:52:53.0603 0x6564 Browser - ok
21:52:53.0617 0x6564 [ 5A567D554A936735EFE98128BB946625, F9B4D59FECCF72CA76D024F6DFEF42C26B76679CB10138AF369BCC7126D9C25B ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
21:52:53.0627 0x6564 BstHdAndroidSvc - ok
21:52:53.0633 0x6564 [ CA4F8CFE4641DC211C80B46EAFF181E1, 28F95D32CB0E2A62A518A1FCC286A127FFF9D32D94EAE2D47581CBD425164B1C ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
21:52:53.0639 0x6564 BstHdDrv - ok
21:52:53.0650 0x6564 [ BE6EB48B31500775F48FE96DA1BE87CA, D3BE40EDA9730378FF8BCBF080894163146B5B521930F60A8CCD7C099662E920 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
21:52:53.0660 0x6564 BstHdLogRotatorSvc - ok
21:52:53.0680 0x6564 [ 399A83F36089A34A30346F518E075A1D, 7F8377951269A7421AAAB9FBCC9A969B3CF33B82C9A8A8AC54E977E92B1EB73D ] BstHdUpdaterSvc C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
21:52:53.0697 0x6564 BstHdUpdaterSvc - ok
21:52:53.0700 0x6564 BthAvrcpTg - ok
21:52:53.0703 0x6564 BthHFEnum - ok
21:52:53.0705 0x6564 bthhfhid - ok
21:52:53.0708 0x6564 BthHFSrv - ok
21:52:53.0710 0x6564 BTHMODEM - ok
21:52:53.0714 0x6564 bthserv - ok
21:52:53.0717 0x6564 buttonconverter - ok
21:52:53.0719 0x6564 CapImg - ok
21:52:53.0730 0x6564 [ 3D50891CAA71E3479A8A10F25CA9207F, AEF11602299188DC07F758D13ACC5F91BCD8BE94E87D050C01B1CD155CE10791 ] cbfs3 C:\WINDOWS\system32\drivers\cbfs3.sys
21:52:53.0739 0x6564 cbfs3 - ok
21:52:53.0753 0x6564 [ 8F21DB532E7CDC2A6B075D2D1A58E3F8, 612DCD6F58F8A249CC723967D3987230D0DD533C194E7A06C9823E7BB67B42D6 ] cbfs5 C:\WINDOWS\system32\drivers\cbfs5.sys
21:52:53.0763 0x6564 cbfs5 - ok
21:52:53.0766 0x6564 cdfs - ok
21:52:53.0768 0x6564 CDPSvc - ok
21:52:53.0771 0x6564 cdrom - ok
21:52:53.0773 0x6564 CertPropSvc - ok
21:52:53.0780 0x6564 [ 8C17F3795DAE9A0ECDE4B3A3B0740E5F, 65807F2EEB7E60E1A7EFB4AEC9BB20C7121E8754E9001616DF919E5EA8B7C541 ] cfkovin C:\WINDOWS\system32\drivers\qfpwoi.sys
21:52:53.0786 0x6564 cfkovin - ok
21:52:53.0788 0x6564 circlass - ok
21:52:53.0791 0x6564 CLFS - ok
21:52:53.0793 0x6564 ClipSVC - ok
21:52:53.0799 0x6564 CmBatt - ok
21:52:53.0811 0x6564 [ B2A6D2A30E93B6F215F74AC7E1733C9C, 960299F7BF2501B46296EDEA050BF30313C17A9B785574B56B79C070BD1B6E1A ] cm_km C:\WINDOWS\system32\DRIVERS\cm_km.sys
21:52:53.0822 0x6564 cm_km - ok
21:52:53.0825 0x6564 CNG - ok
21:52:53.0827 0x6564 cnghwassist - ok
21:52:53.0842 0x6564 CompositeBus - ok
21:52:53.0845 0x6564 COMSysApp - ok
21:52:53.0847 0x6564 condrv - ok
21:52:53.0850 0x6564 CoreMessagingRegistrar - ok
21:52:53.0875 0x6564 [ 137BC921135ECDA3E9917B56E3550D32, 6585F4FFEAB32583B867A14F7B7C09C563B1EA715AD9C3B850A7965C54A819A0 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
21:52:53.0891 0x6564 cphs - ok
21:52:53.0895 0x6564 CryptSvc - ok
21:52:53.0898 0x6564 CSC - ok
21:52:53.0900 0x6564 CscService - ok
21:52:53.0903 0x6564 dam - ok
21:52:53.0907 0x6564 DcomLaunch - ok
21:52:53.0909 0x6564 DcpSvc - ok
21:52:53.0911 0x6564 defragsvc - ok
21:52:53.0914 0x6564 DeviceAssociationService - ok
21:52:53.0917 0x6564 DeviceInstall - ok
21:52:53.0920 0x6564 DevQueryBroker - ok
21:52:53.0922 0x6564 Dfsc - ok
21:52:53.0924 0x6564 Dhcp - ok
21:52:53.0927 0x6564 diagnosticshub.standardcollector.service - ok
21:52:53.0930 0x6564 DiagTrack - ok
21:52:53.0932 0x6564 disk - ok
21:52:53.0936 0x6564 DmEnrollmentSvc - ok
21:52:53.0938 0x6564 dmvsc - ok
21:52:53.0940 0x6564 dmwappushservice - ok
21:52:53.0943 0x6564 Dnscache - ok
21:52:53.0946 0x6564 dot3svc - ok
21:52:53.0948 0x6564 DPS - ok
21:52:53.0951 0x6564 drmkaud - ok
21:52:53.0954 0x6564 DsmSvc - ok
21:52:53.0956 0x6564 DsSvc - ok
21:52:53.0965 0x6564 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\WINDOWS\System32\drivers\dtsoftbus01.sys
21:52:53.0973 0x6564 dtsoftbus01 - ok
21:52:53.0977 0x6564 DXGKrnl - ok
21:52:53.0979 0x6564 e1iexpress - ok
21:52:53.0981 0x6564 Eaphost - ok
21:52:53.0984 0x6564 ebdrv - ok
21:52:53.0987 0x6564 EFS - ok
21:52:53.0989 0x6564 EhStorClass - ok
21:52:53.0992 0x6564 EhStorTcgDrv - ok
21:52:53.0994 0x6564 embeddedmode - ok
21:52:53.0996 0x6564 EntAppSvc - ok
21:52:53.0998 0x6564 ErrDev - ok
21:52:54.0003 0x6564 EventSystem - ok
21:52:54.0005 0x6564 exfat - ok
21:52:54.0008 0x6564 fastfat - ok
21:52:54.0010 0x6564 Fax - ok
21:52:54.0013 0x6564 fdc - ok
21:52:54.0016 0x6564 fdPHost - ok
21:52:54.0018 0x6564 FDResPub - ok
21:52:54.0021 0x6564 fhsvc - ok
21:52:54.0023 0x6564 FileCrypt - ok
21:52:54.0025 0x6564 FileInfo - ok
21:52:54.0028 0x6564 Filetrace - ok
21:52:54.0030 0x6564 flpydisk - ok
21:52:54.0032 0x6564 FltMgr - ok
21:52:54.0035 0x6564 FontCache - ok
21:52:54.0037 0x6564 FontCache3.0.0.0 - ok
21:52:54.0040 0x6564 FsDepends - ok
21:52:54.0043 0x6564 Fs_Rec - ok
21:52:54.0045 0x6564 fvevol - ok
21:52:54.0047 0x6564 gagp30kx - ok
21:52:54.0050 0x6564 gencounter - ok
21:52:54.0053 0x6564 genericusbfn - ok
21:52:54.0056 0x6564 GPIOClx0101 - ok
21:52:54.0058 0x6564 gpsvc - ok
21:52:54.0061 0x6564 GpuEnergyDrv - ok
21:52:54.0067 0x6564 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:52:54.0074 0x6564 gupdate - ok
21:52:54.0079 0x6564 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:52:54.0085 0x6564 gupdatem - ok
21:52:54.0089 0x6564 [ 8C17F3795DAE9A0ECDE4B3A3B0740E5F, 65807F2EEB7E60E1A7EFB4AEC9BB20C7121E8754E9001616DF919E5EA8B7C541 ] haaxhl C:\WINDOWS\system32\drivers\xury.sys
21:52:54.0095 0x6564 haaxhl - ok
21:52:54.0097 0x6564 HDAudBus - ok
21:52:54.0100 0x6564 HidBatt - ok
21:52:54.0103 0x6564 HidBth - ok
21:52:54.0106 0x6564 hidi2c - ok
21:52:54.0108 0x6564 hidinterrupt - ok
21:52:54.0111 0x6564 HidIr - ok
21:52:54.0113 0x6564 hidserv - ok
21:52:54.0115 0x6564 HidUsb - ok
21:52:54.0118 0x6564 HomeGroupListener - ok
21:52:54.0121 0x6564 HomeGroupProvider - ok
21:52:54.0123 0x6564 HpSAMD - ok
21:52:54.0125 0x6564 HTTP - ok
21:52:54.0129 0x6564 [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\WINDOWS\System32\drivers\ew_jubusenum.sys
21:52:54.0140 0x6564 huawei_enumerator - ok
21:52:54.0143 0x6564 hwpolicy - ok
21:52:54.0145 0x6564 hyperkbd - ok
21:52:54.0148 0x6564 HyperVideo - ok
21:52:54.0150 0x6564 i8042prt - ok
21:52:54.0153 0x6564 iai2c - ok
21:52:54.0155 0x6564 iaLPSS2i_I2C - ok
21:52:54.0157 0x6564 iaLPSSi_GPIO - ok
21:52:54.0159 0x6564 iaLPSSi_I2C - ok
21:52:54.0176 0x6564 [ 6655615C7E4E29E6481F75A93ED99954, C7387D85DEC6BEF74DAD3B36398D1DA8914E9CF6F460D36E30088E3F6754E972 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
21:52:54.0192 0x6564 iaStorA - ok
21:52:54.0195 0x6564 iaStorAV - ok
21:52:54.0198 0x6564 [ F35FBCEB1B71BC20BBAFA526E203D6A1, F389B689B5DF0D204E3EA21B7201A89D29DE518716781BB390AC6E5CED64C790 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:52:54.0202 0x6564 IAStorDataMgrSvc - ok
21:52:54.0205 0x6564 iaStorV - ok
21:52:54.0207 0x6564 ibbus - ok
21:52:54.0210 0x6564 icssvc - ok
21:52:54.0212 0x6564 IEEtwCollectorService - ok
21:52:54.0364 0x6564 [ 34E103A5EFF7EADA5ADE6D61294FAA7F, 29AFF3C2C03D75B55D124EBA35534C1D7E2115748C23EAC79CF0FA6CBC994C1F ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
21:52:54.0485 0x6564 igfx - ok
21:52:54.0503 0x6564 [ 078DE1A9D9DB0BB617D4DCF1EF925928, 6E197785DE6F83FAB5E049F24CCC3838BB9B9EB20240BD48A2768103172B6242 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
21:52:54.0517 0x6564 igfxCUIService2.0.0.0 - ok
21:52:54.0520 0x6564 IKEEXT - ok
21:52:54.0525 0x6564 [ 5950F69F9B345952F3C2275C39EA393B, 382923DE0F5F25285F8C86BA628350DF1CFB6E63FF20736CF9285FB0F36A76DE ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
21:52:54.0531 0x6564 intaud_WaveExtensible - ok
21:52:54.0611 0x6564 [ 067D63BC5A114FF0C4EF3404F0134625, F6CE79F0015F19B1B346815F769758F5FF6DCA663626DCE352682D93763CFFC0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
21:52:54.0673 0x6564 IntcAzAudAddService - ok
21:52:54.0687 0x6564 [ 890144FA6AB42F2B54EE633BF96A019A, 8741904C66170BA11C78D31681E3759537C0BF2338538678BC64234DB8FDE93F ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
21:52:54.0698 0x6564 IntcDAud - ok
21:52:54.0718 0x6564 [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:52:54.0740 0x6564 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
21:52:54.0813 0x6564 Detect skipped due to KSN trusted
21:52:54.0813 0x6564 Intel(R) Capability Licensing Service Interface - ok
21:52:54.0832 0x6564 [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:52:54.0850 0x6564 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:52:54.0859 0x6564 [ FA6094444A7DC90449800F964E0A8668, A6DCF395649FA185596D55713888922BA2A61D96AD0D5E7860FD47EE30B7E4CF ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
21:52:54.0869 0x6564 Intel(R) PROSet Monitoring Service - ok
21:52:54.0872 0x6564 intelide - ok
21:52:54.0874 0x6564 intelpep - ok
21:52:54.0876 0x6564 intelppm - ok
21:52:54.0879 0x6564 IoQos - ok
21:52:54.0881 0x6564 IpFilterDriver - ok
21:52:54.0884 0x6564 iphlpsvc - ok
21:52:54.0887 0x6564 IPMIDRV - ok
21:52:54.0889 0x6564 IPNAT - ok
21:52:54.0891 0x6564 IRENUM - ok
21:52:54.0893 0x6564 isapnp - ok
21:52:54.0895 0x6564 iScsiPrt - ok
21:52:54.0902 0x6564 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:52:54.0908 0x6564 jhi_service - ok
21:52:54.0911 0x6564 kbdclass - ok
21:52:54.0915 0x6564 kbdhid - ok
21:52:54.0917 0x6564 kdnic - ok
21:52:54.0920 0x6564 KeyIso - ok
21:52:54.0934 0x6564 [ 62EBD4202B505ACADE2FBC56CC73E0A2, 2FCA80096B7DB5B42E76F527D9ABCF29AF7D52FC60BED6DD4C11C1BACA0D63F1 ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys
21:52:54.0947 0x6564 kl1 - ok
21:52:54.0953 0x6564 [ 86F40D79CE80ACBE6BEBAC8CE89D75A0, 8B800425160D1AF3C32EF7B5CA794658EE09CD3EE782473D8D38E1C7706076B3 ] klbackupdisk C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
21:52:54.0959 0x6564 klbackupdisk - ok
21:52:54.0963 0x6564 [ 1B321722C507A04E1EAFCFFD0F7B7EF9, 44AE02CEE15A8E712420554CAD34A55166A82FDCD593B5499AA94C7A762FFFFE ] klbackupflt C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
21:52:54.0970 0x6564 klbackupflt - ok
21:52:54.0975 0x6564 [ B12242478186B62B2E214288B7DB3612, D3381C6B95A27D75348DC51411BABE144A4C333E1441077C4BF13A3BFBB4CA06 ] kldisk C:\WINDOWS\system32\DRIVERS\kldisk.sys
21:52:54.0981 0x6564 kldisk - ok
21:52:54.0984 0x6564 [ E2097C8F18F1E8E3B7D09F12B51843A3, 0506A99BD0962AAE64692BD7F080DB080F8B678DC59685CF22830A47B486430C ] klelam C:\WINDOWS\system32\DRIVERS\klelam.sys
21:52:54.0995 0x6564 klelam - ok
21:52:55.0001 0x6564 [ C64655B935BCBB5AB39F87F79F5087A6, 93F9547220C7B90D4BD7DD69535CF460E5A289464B1E66992D424720A2C157DD ] klflt C:\WINDOWS\system32\DRIVERS\klflt.sys
21:52:55.0010 0x6564 klflt - ok
21:52:55.0018 0x6564 [ 9787C6F1E3F487F8522CACF9C94E7D7D, 82589C930BB730C11D941048A31F4FEFBA8AD9E93C357C8F923A03FDB33AF0BE ] klhk C:\WINDOWS\system32\DRIVERS\klhk.sys
21:52:55.0027 0x6564 klhk - ok
21:52:55.0042 0x6564 [ 7796EAD58D8C1A42AAB6B6CA9A3F106C, 7DA8A05A0210F63C7D120DCF0101AD895D53368C0DED23E275F2BA79239FCE28 ] klids C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys
21:52:55.0051 0x6564 klids - ok
21:52:55.0076 0x6564 [ F1E2FB0CBC3E0B0886FC1784FC72B133, 3E388CC5BB32B1F75803E2516175BF3BFB97EE94AF2BB32FED4D73C8FE51B68E ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
21:52:55.0097 0x6564 KLIF - ok
21:52:55.0101 0x6564 [ 5D9960343E6866C420727727AFBE17BC, 9E42334AA1D4E61F6C554CFAA6B6FA97EFFBE26EE6DE253033A422AF1D1015AC ] KLIM6 C:\WINDOWS\system32\DRIVERS\klim6.sys
21:52:55.0108 0x6564 KLIM6 - ok
21:52:55.0112 0x6564 [ 36E044A2C64FCBCBC0F42ED5050F9CBD, 1AF18BA5B84AF9EEE9AE387900AA6C5492FAC05B7830793456EE03E94C4FF096 ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
21:52:55.0120 0x6564 klkbdflt - ok
21:52:55.0127 0x6564 [ FD47C92A63B6EADEA830BFA96C06EAEE, C15C39B6FA53CBD01A2F95243845C4B706B4229F8FFB75C7128819B9CEE5B2CB ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
21:52:55.0132 0x6564 klmouflt - ok
21:52:55.0136 0x6564 [ 26E1917517E613D07F2A122CEEBB8161, A03C4F9FA37DBB48AB00330A4F0ACC7841D425DAE7E374508AD53BC010C0F746 ] klpd C:\WINDOWS\system32\DRIVERS\klpd.sys
21:52:55.0144 0x6564 klpd - ok
21:52:55.0153 0x6564 [ B48F79A7B58EB9A5E4894A96453C6957, B05176A40DA7321409866D77DA03A36B44DA386C45C6AF149B14F65C2B9C8A6B ] klvssbrigde64 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe
21:52:55.0161 0x6564 klvssbrigde64 - ok
21:52:55.0165 0x6564 [ 8334692AFEB3289984B40898B6B30C06, 6A337CC33B0EFC3B61BFCABFDFE305BE1D334620FB4D87DDEDBC8214966D6DDE ] klwfp C:\WINDOWS\system32\DRIVERS\klwfp.sys
21:52:55.0172 0x6564 klwfp - ok
21:52:55.0178 0x6564 [ 68757CE88F3ACC354506F6FD2E8A7AA8, 962105CBD4CD3E4D690CFDBCDCD0A92F151E2A6606B9A8A8DF5A1026E938735D ] Klwtp C:\WINDOWS\system32\DRIVERS\klwtp.sys
21:52:55.0184 0x6564 Klwtp - ok
21:52:55.0191 0x6564 [ 58CD685752080EDAEB4EEC7E6428546D, 59E280A025A91BCEC029D21B4DCC6342F354B9D6592C0EE14217BF5B32FB259B ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
21:52:55.0199 0x6564 kneps - ok
21:52:55.0201 0x6564 KSecDD - ok
21:52:55.0206 0x6564 KSecPkg - ok
21:52:55.0209 0x6564 ksthunk - ok
21:52:55.0212 0x6564 KtmRm - ok
21:52:55.0214 0x6564 LanmanServer - ok
21:52:55.0217 0x6564 LanmanWorkstation - ok
21:52:55.0221 0x6564 lfsvc - ok
21:52:55.0223 0x6564 LicenseManager - ok
21:52:55.0227 0x6564 [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
21:52:55.0232 0x6564 lirsgt - ok
21:52:55.0235 0x6564 lltdio - ok
21:52:55.0238 0x6564 lltdsvc - ok
21:52:55.0240 0x6564 lmhosts - ok
21:52:55.0250 0x6564 [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:52:55.0260 0x6564 LMS - ok
21:52:55.0264 0x6564 LSI_SAS - ok
21:52:55.0267 0x6564 LSI_SAS2i - ok
21:52:55.0270 0x6564 LSI_SAS3i - ok
21:52:55.0273 0x6564 LSI_SSS - ok
21:52:55.0276 0x6564 LSM - ok
21:52:55.0278 0x6564 luafv - ok
21:52:55.0280 0x6564 MapsBroker - ok
21:52:55.0283 0x6564 [ 830708A5CC0A19196C1DC205BED5A3A8, 551B69372AB7A49586498BFDF1AE83311D837B25558C7CEF04118010A99F5A1D ] massfilter C:\WINDOWS\System32\drivers\massfilter.sys
21:52:55.0290 0x6564 massfilter - ok
21:52:55.0298 0x6564 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
21:52:55.0305 0x6564 MBAMSwissArmy - ok
21:52:55.0308 0x6564 megasas - ok
21:52:55.0310 0x6564 megasr - ok
21:52:55.0314 0x6564 [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64 C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
21:52:55.0320 0x6564 MEIx64 - ok
21:52:55.0323 0x6564 MessagingService - ok
21:52:55.0334 0x6564 mlx4_bus - ok
21:52:55.0336 0x6564 MMCSS - ok
21:52:55.0339 0x6564 Modem - ok
21:52:55.0341 0x6564 monitor - ok
21:52:55.0343 0x6564 mouclass - ok
21:52:55.0345 0x6564 mouhid - ok
21:52:55.0348 0x6564 mountmgr - ok
21:52:55.0350 0x6564 mpsdrv - ok
21:52:55.0352 0x6564 MpsSvc - ok
21:52:55.0355 0x6564 MRxDAV - ok
21:52:55.0357 0x6564 mrxsmb - ok
21:52:55.0359 0x6564 mrxsmb10 - ok
21:52:55.0361 0x6564 mrxsmb20 - ok
21:52:55.0364 0x6564 MsBridge - ok
21:52:55.0367 0x6564 MSDTC - ok
21:52:55.0371 0x6564 Msfs - ok
21:52:55.0374 0x6564 msgpiowin32 - ok
21:52:55.0376 0x6564 mshidkmdf - ok
21:52:55.0378 0x6564 mshidumdf - ok
21:52:55.0381 0x6564 msisadrv - ok
21:52:55.0383 0x6564 MSiSCSI - ok
21:52:55.0385 0x6564 msiserver - ok
21:52:55.0388 0x6564 MSKSSRV - ok
21:52:55.0390 0x6564 MsLldp - ok
21:52:55.0392 0x6564 MSPCLOCK - ok
21:52:55.0394 0x6564 MSPQM - ok
21:52:55.0396 0x6564 MsRPC - ok
21:52:55.0399 0x6564 mssmbios - ok
21:52:55.0401 0x6564 MSTEE - ok
21:52:55.0404 0x6564 MTConfig - ok
21:52:55.0406 0x6564 Mup - ok
21:52:55.0409 0x6564 mvumis - ok
21:52:55.0415 0x6564 NativeWifiP - ok
21:52:55.0417 0x6564 NcaSvc - ok
21:52:55.0419 0x6564 NcbService - ok
21:52:55.0422 0x6564 NcdAutoSetup - ok
21:52:55.0424 0x6564 ndfltr - ok
21:52:55.0426 0x6564 NDIS - ok
21:52:55.0429 0x6564 NdisCap - ok
21:52:55.0431 0x6564 NdisImPlatform - ok
21:52:55.0433 0x6564 NdisTapi - ok
21:52:55.0435 0x6564 Ndisuio - ok
21:52:55.0438 0x6564 NdisVirtualBus - ok
21:52:55.0440 0x6564 NdisWan - ok
21:52:55.0442 0x6564 ndiswanlegacy - ok
21:52:55.0444 0x6564 ndproxy - ok
21:52:55.0447 0x6564 Ndu - ok
21:52:55.0449 0x6564 NetBIOS - ok
21:52:55.0452 0x6564 NetBT - ok
21:52:55.0454 0x6564 Netlogon - ok
21:52:55.0459 0x6564 Netman - ok
21:52:55.0462 0x6564 netprofm - ok
21:52:55.0464 0x6564 NetSetupSvc - ok
21:52:55.0479 0x6564 NetTcpPortSharing - ok
21:52:55.0482 0x6564 netvsc - ok
21:52:55.0485 0x6564 NgcCtnrSvc - ok
21:52:55.0488 0x6564 NgcSvc - ok
21:52:55.0490 0x6564 NlaSvc - ok
21:52:55.0502 0x6564 [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] npf C:\WINDOWS\system32\drivers\npf.sys
21:52:55.0507 0x6564 npf - ok
21:52:55.0509 0x6564 Npfs - ok
21:52:55.0513 0x6564 npsvctrig - ok
21:52:55.0515 0x6564 nsi - ok
21:52:55.0517 0x6564 nsiproxy - ok
21:52:55.0522 0x6564 NTFS - ok
21:52:55.0525 0x6564 Null - ok
21:52:55.0527 0x6564 nvraid - ok
21:52:55.0530 0x6564 nvstor - ok
21:52:55.0532 0x6564 nv_agp - ok
21:52:55.0534 0x6564 OneSyncSvc - ok
21:52:55.0549 0x6564 p2pimsvc - ok
21:52:55.0551 0x6564 p2psvc - ok
21:52:55.0555 0x6564 Parport - ok
21:52:55.0557 0x6564 partmgr - ok
21:52:55.0560 0x6564 PcaSvc - ok
21:52:55.0562 0x6564 pci - ok
21:52:55.0564 0x6564 pciide - ok
21:52:55.0566 0x6564 pcmcia - ok
21:52:55.0568 0x6564 pcw - ok
21:52:55.0571 0x6564 pdc - ok
21:52:55.0573 0x6564 PEAUTH - ok
21:52:55.0575 0x6564 PeerDistSvc - ok
21:52:55.0578 0x6564 percsas2i - ok
21:52:55.0580 0x6564 percsas3i - ok
21:52:55.0595 0x6564 PerfHost - ok
21:52:55.0601 0x6564 PhoneSvc - ok
21:52:55.0603 0x6564 PimIndexMaintenanceSvc - ok
21:52:55.0611 0x6564 pla - ok
21:52:55.0613 0x6564 PlugPlay - ok
21:52:55.0615 0x6564 PNRPAutoReg - ok
21:52:55.0618 0x6564 PNRPsvc - ok
21:52:55.0621 0x6564 PolicyAgent - ok
21:52:55.0627 0x6564 [ 4671F353D0DF74C3B0D2D00DE676F56C, 0F75009DD36B2E18212CE855FB7CA7D273E5749D8F2F451655ED81AA5E86BA9F ] postgresql-8.4 c:\postgreSQL\bin\pg_ctl.exe
21:52:55.0631 0x6564 postgresql-8.4 - detected UnsignedFile.Multi.Generic ( 1 )
21:52:55.0707 0x6564 Detect skipped due to KSN trusted
21:52:55.0707 0x6564 postgresql-8.4 - ok
21:52:55.0710 0x6564 Power - ok
21:52:55.0712 0x6564 PptpMiniport - ok
21:52:55.0850 0x6564 [ C9908063F90F5541098BF19EA63E1327, AA6B5E4D01CD8061D5953FDE3025FE4AF01B265C182B8818107A035E4FFAD0DF ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
21:52:55.0936 0x6564 PrintNotify - ok
21:52:55.0941 0x6564 Processor - ok
21:52:55.0943 0x6564 ProfSvc - ok
21:52:55.0946 0x6564 Psched - ok
21:52:55.0956 0x6564 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys
21:52:55.0961 0x6564 PSI - ok
21:52:55.0963 0x6564 QWAVE - ok
21:52:55.0966 0x6564 QWAVEdrv - ok
21:52:55.0968 0x6564 RasAcd - ok
21:52:55.0971 0x6564 RasAgileVpn - ok
21:52:55.0973 0x6564 RasAuto - ok
21:52:55.0976 0x6564 Rasl2tp - ok
21:52:55.0978 0x6564 RasMan - ok
21:52:55.0980 0x6564 RasPppoe - ok
21:52:55.0982 0x6564 RasSstp - ok
21:52:55.0984 0x6564 rdbss - ok
21:52:55.0987 0x6564 rdpbus - ok
21:52:55.0989 0x6564 RDPDR - ok
21:52:55.0997 0x6564 RdpVideoMiniport - ok
21:52:56.0005 0x6564 rdyboost - ok
21:52:56.0007 0x6564 ReFSv1 - ok
21:52:56.0017 0x6564 RemoteAccess - ok
21:52:56.0019 0x6564 RemoteRegistry - ok
21:52:56.0023 0x6564 RetailDemo - ok
21:52:56.0025 0x6564 RpcEptMapper - ok
21:52:56.0027 0x6564 RpcLocator - ok
21:52:56.0035 0x6564 RpcSs - ok
21:52:56.0039 0x6564 rspndr - ok
21:52:56.0040 0x6564 s3cap - ok
21:52:56.0045 0x6564 SamSs - ok
21:52:56.0047 0x6564 sbp2port - ok
21:52:56.0050 0x6564 SCardSvr - ok
21:52:56.0052 0x6564 ScDeviceEnum - ok
21:52:56.0055 0x6564 scfilter - ok
21:52:56.0060 0x6564 Schedule - ok
21:52:56.0063 0x6564 SCPolicySvc - ok
21:52:56.0065 0x6564 sdbus - ok
21:52:56.0069 0x6564 SDRSVC - ok
21:52:56.0077 0x6564 sdstor - ok
21:52:56.0080 0x6564 seclogon - ok
21:52:56.0133 0x6564 [ 5E0E975998BF1612E18B898E5D17838B, 76C11C62DB8055F03F868685E8E2016D99D3FC48313CB51C69E7CEA589D80890 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:52:56.0158 0x6564 Secunia PSI Agent - ok
21:52:56.0192 0x6564 [ 508DD2E1D5F272B2D3196335DEA2BC26, 2BDC828DB9D9766445C345E82751FA7EF94A089EC84565675EDADE3EC7EB5748 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:52:56.0207 0x6564 Secunia Update Agent - ok
21:52:56.0211 0x6564 SENS - ok
21:52:56.0214 0x6564 SensorDataService - ok
21:52:56.0216 0x6564 SensorService - ok
21:52:56.0219 0x6564 SensrSvc - ok
21:52:56.0221 0x6564 SerCx - ok
21:52:56.0225 0x6564 SerCx2 - ok
21:52:56.0228 0x6564 Serenum - ok
21:52:56.0230 0x6564 Serial - ok
21:52:56.0232 0x6564 sermouse - ok
21:52:56.0238 0x6564 SessionEnv - ok
21:52:56.0240 0x6564 sfloppy - ok
21:52:56.0242 0x6564 SharedAccess - ok
21:52:56.0245 0x6564 ShellHWDetection - ok
21:52:56.0247 0x6564 SiSRaid2 - ok
21:52:56.0250 0x6564 SiSRaid4 - ok
21:52:56.0259 0x6564 [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:52:56.0272 0x6564 SkypeUpdate - ok
21:52:56.0275 0x6564 smphost - ok
21:52:56.0277 0x6564 SmsRouter - ok
21:52:56.0281 0x6564 SNMPTRAP - ok
21:52:56.0284 0x6564 spaceport - ok
21:52:56.0286 0x6564 SpbCx - ok
21:52:56.0289 0x6564 Spooler - ok
21:52:56.0291 0x6564 sppsvc - ok
21:52:56.0294 0x6564 srv - ok
21:52:56.0296 0x6564 srv2 - ok
21:52:56.0298 0x6564 srvnet - ok
21:52:56.0300 0x6564 SSDPSRV - ok
21:52:56.0303 0x6564 SstpSvc - ok
21:52:56.0306 0x6564 StateRepository - ok
21:52:56.0309 0x6564 stexstor - ok
21:52:56.0311 0x6564 stisvc - ok
21:52:56.0314 0x6564 storahci - ok
21:52:56.0316 0x6564 storflt - ok
21:52:56.0318 0x6564 stornvme - ok
21:52:56.0322 0x6564 storqosflt - ok
21:52:56.0324 0x6564 StorSvc - ok
21:52:56.0327 0x6564 storufs - ok
21:52:56.0329 0x6564 storvsc - ok
21:52:56.0331 0x6564 svsvc - ok
21:52:56.0333 0x6564 swenum - ok
21:52:56.0336 0x6564 swprv - ok
21:52:56.0338 0x6564 Synth3dVsc - ok
21:52:56.0341 0x6564 SysMain - ok
21:52:56.0344 0x6564 SystemEventsBroker - ok
21:52:56.0347 0x6564 TabletInputService - ok
21:52:56.0349 0x6564 TapiSrv - ok
21:52:56.0352 0x6564 Tcpip - ok
21:52:56.0354 0x6564 Tcpip6 - ok
21:52:56.0358 0x6564 tcpipreg - ok
21:52:56.0361 0x6564 tdx - ok
21:52:56.0507 0x6564 [ D6DDCFFF145CB7D334EECC2F9A8E304F, DC2E19A799F336DF299460C8DB4EE0B2597ADC6C4728F2BB3BBCFA1192BE809C ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
21:52:56.0614 0x6564 TeamViewer - ok
21:52:56.0623 0x6564 terminpt - ok
21:52:56.0625 0x6564 TermService - ok
21:52:56.0628 0x6564 Themes - ok
21:52:56.0630 0x6564 TieringEngineService - ok
21:52:56.0633 0x6564 tiledatamodelsvc - ok
21:52:56.0636 0x6564 TimeBroker - ok
21:52:56.0639 0x6564 TPM - ok
21:52:56.0642 0x6564 TrkWks - ok
21:52:56.0644 0x6564 TrustedInstaller - ok
21:52:56.0648 0x6564 tsusbflt - ok
21:52:56.0650 0x6564 TsUsbGD - ok
21:52:56.0653 0x6564 tunnel - ok
21:52:56.0656 0x6564 tzautoupdate - ok
21:52:56.0659 0x6564 [ A070ABB9D85582B2BECADBE6FCD12350, 3EBFA349F87933E20C4EADA2FA2E64206CCAC70DFB8B52C2E41670FFB16D7336 ] t_mouse.sys C:\WINDOWS\system32\DRIVERS\t_mouse.sys
21:52:56.0667 0x6564 t_mouse.sys - ok
21:52:56.0670 0x6564 uagp35 - ok
21:52:56.0673 0x6564 UASPStor - ok
21:52:56.0676 0x6564 UcmCx0101 - ok
21:52:56.0678 0x6564 UcmUcsi - ok
21:52:56.0681 0x6564 Ucx01000 - ok
21:52:56.0683 0x6564 UdeCx - ok
21:52:56.0685 0x6564 udfs - ok
21:52:56.0687 0x6564 UEFI - ok
21:52:56.0690 0x6564 Ufx01000 - ok
21:52:56.0692 0x6564 UfxChipidea - ok
21:52:56.0694 0x6564 ufxsynopsys - ok
21:52:56.0698 0x6564 UI0Detect - ok
21:52:56.0700 0x6564 uliagpkx - ok
21:52:56.0702 0x6564 umbus - ok
21:52:56.0704 0x6564 UmPass - ok
21:52:56.0707 0x6564 UmRdpService - ok
21:52:56.0709 0x6564 UnistoreSvc - ok
21:52:56.0715 0x6564 upnphost - ok
21:52:56.0718 0x6564 UrsChipidea - ok
21:52:56.0720 0x6564 UrsCx01000 - ok
21:52:56.0723 0x6564 UrsSynopsys - ok
21:52:56.0726 0x6564 usbccgp - ok
21:52:56.0729 0x6564 usbcir - ok
21:52:56.0731 0x6564 usbehci - ok
21:52:56.0734 0x6564 usbhub - ok
21:52:56.0736 0x6564 USBHUB3 - ok
21:52:56.0739 0x6564 usbohci - ok
21:52:56.0741 0x6564 usbprint - ok
21:52:56.0743 0x6564 usbser - ok
21:52:56.0746 0x6564 USBSTOR - ok
21:52:56.0748 0x6564 usbuhci - ok
21:52:56.0750 0x6564 USBXHCI - ok
21:52:56.0753 0x6564 UserDataSvc - ok
21:52:56.0759 0x6564 UserManager - ok
21:52:56.0762 0x6564 UsoSvc - ok
21:52:56.0764 0x6564 VaultSvc - ok
21:52:56.0766 0x6564 vdrvroot - ok
21:52:56.0768 0x6564 vds - ok
21:52:56.0771 0x6564 VerifierExt - ok
21:52:56.0773 0x6564 vhdmp - ok
21:52:56.0776 0x6564 vhf - ok
21:52:56.0778 0x6564 vmbus - ok
21:52:56.0780 0x6564 VMBusHID - ok
21:52:56.0782 0x6564 vmicguestinterface - ok
21:52:56.0785 0x6564 vmicheartbeat - ok
21:52:56.0787 0x6564 vmickvpexchange - ok
21:52:56.0790 0x6564 vmicrdv - ok
21:52:56.0792 0x6564 vmicshutdown - ok
21:52:56.0794 0x6564 vmictimesync - ok
21:52:56.0796 0x6564 vmicvmsession - ok
21:52:56.0798 0x6564 vmicvss - ok
21:52:56.0800 0x6564 volmgr - ok
21:52:56.0803 0x6564 volmgrx - ok
21:52:56.0805 0x6564 volsnap - ok
21:52:56.0808 0x6564 vpci - ok
21:52:56.0810 0x6564 [ 41BF1EC86CDDE6097577381A1039AA51, DCAD7B25699195F2EA55FFACD4B2AACDD7F4CBC5C353046CAD0D44EF73D21CE6 ] vpnpbus C:\WINDOWS\System32\drivers\vpnpbus.sys
21:52:56.0815 0x6564 vpnpbus - ok
21:52:56.0817 0x6564 vsmraid - ok
21:52:56.0820 0x6564 VSS - ok
21:52:56.0823 0x6564 VSTXRAID - ok
21:52:56.0825 0x6564 vwifibus - ok
21:52:56.0828 0x6564 vwififlt - ok
21:52:56.0830 0x6564 W32Time - ok
21:52:56.0832 0x6564 WacomPen - ok
21:52:56.0834 0x6564 WalletService - ok
21:52:56.0837 0x6564 wanarp - ok
21:52:56.0840 0x6564 wanarpv6 - ok
21:52:56.0842 0x6564 wbengine - ok
21:52:56.0844 0x6564 WbioSrvc - ok
21:52:56.0846 0x6564 Wcmsvc - ok
21:52:56.0849 0x6564 wcncsvc - ok
21:52:56.0851 0x6564 WcsPlugInService - ok
21:52:56.0853 0x6564 WdBoot - ok
21:52:56.0856 0x6564 Wdf01000 - ok
21:52:56.0859 0x6564 WdFilter - ok
21:52:56.0861 0x6564 WdiServiceHost - ok
21:52:56.0863 0x6564 WdiSystemHost - ok
21:52:56.0866 0x6564 wdiwifi - ok
21:52:56.0868 0x6564 WdNisDrv - ok
21:52:56.0870 0x6564 WdNisSvc - ok
21:52:56.0873 0x6564 WebClient - ok
21:52:56.0876 0x6564 Wecsvc - ok
21:52:56.0878 0x6564 WEPHOSTSVC - ok
21:52:56.0881 0x6564 wercplsupport - ok
21:52:56.0883 0x6564 WerSvc - ok
21:52:56.0885 0x6564 WFPLWFS - ok
21:52:56.0888 0x6564 WiaRpc - ok
21:52:56.0890 0x6564 WIMMount - ok
21:52:56.0892 0x6564 WinDefend - ok
21:52:56.0897 0x6564 WindowsTrustedRT - ok
21:52:56.0899 0x6564 WindowsTrustedRTProxy - ok
21:52:56.0902 0x6564 WinHttpAutoProxySvc - ok
21:52:56.0904 0x6564 WinMad - ok
21:52:56.0909 0x6564 Winmgmt - ok
21:52:56.0911 0x6564 WinRM - ok
21:52:56.0916 0x6564 WINUSB - ok
21:52:56.0918 0x6564 WinVerbs - ok
21:52:56.0920 0x6564 WlanSvc - ok
21:52:56.0923 0x6564 wlidsvc - ok
21:52:56.0925 0x6564 WmiAcpi - ok
21:52:56.0929 0x6564 wmiApSrv - ok
21:52:56.0930 0x6564 WMPNetworkSvc - ok
21:52:56.0936 0x6564 [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys
21:52:56.0948 0x6564 Wof - ok
21:52:56.0953 0x6564 workfolderssvc - ok
21:52:56.0955 0x6564 wpcfltr - ok
21:52:56.0958 0x6564 WPDBusEnum - ok
21:52:56.0961 0x6564 WpdUpFltr - ok
21:52:56.0963 0x6564 WpnService - ok
21:52:56.0965 0x6564 ws2ifsl - ok
21:52:56.0968 0x6564 wscsvc - ok
21:52:56.0970 0x6564 WSearch - ok
21:52:56.0974 0x6564 WSService - ok
21:52:56.0976 0x6564 wuauserv - ok
21:52:56.0980 0x6564 WudfPf - ok
21:52:56.0982 0x6564 WUDFRd - ok
21:52:56.0985 0x6564 wudfsvc - ok
21:52:56.0986 0x6564 WUDFWpdFs - ok
21:52:56.0989 0x6564 WwanSvc - ok
21:52:56.0992 0x6564 XblAuthManager - ok
21:52:56.0994 0x6564 XblGameSave - ok
21:52:56.0996 0x6564 xboxgip - ok
21:52:56.0998 0x6564 XboxNetApiSvc - ok
21:52:57.0000 0x6564 xinputhid - ok
21:52:57.0006 0x6564 [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
21:52:57.0016 0x6564 ZTEusbmdm6k - ok
21:52:57.0021 0x6564 [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
21:52:57.0030 0x6564 ZTEusbnmea - ok
21:52:57.0036 0x6564 [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
21:52:57.0045 0x6564 ZTEusbser6k - ok
21:52:57.0046 0x6564 ================ Scan global ===============================
21:52:57.0056 0x6564 [ Global ] - ok
21:52:57.0057 0x6564 ================ Scan MBR ==================================
21:52:57.0059 0x6564 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:52:57.0087 0x6564 \Device\Harddisk0\DR0 - ok
21:52:57.0106 0x6564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:52:57.0162 0x6564 \Device\Harddisk1\DR1 - ok
21:52:57.0164 0x6564 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR15
21:52:57.0232 0x6564 \Device\Harddisk2\DR15 - ok
21:52:57.0232 0x6564 ================ Scan VBR ==================================
21:52:57.0235 0x6564 [ 38C2FE1D178183318E548D71A55231FF ] \Device\Harddisk0\DR0\Partition1
21:52:57.0237 0x6564 \Device\Harddisk0\DR0\Partition1 - ok
21:52:57.0239 0x6564 [ 92C770137260836A671C78D2E1772499 ] \Device\Harddisk0\DR0\Partition2
21:52:57.0240 0x6564 \Device\Harddisk0\DR0\Partition2 - ok
21:52:57.0241 0x6564 [ 11E3792B0B345D42CAC743CC63407AE8 ] \Device\Harddisk0\DR0\Partition3
21:52:57.0242 0x6564 \Device\Harddisk0\DR0\Partition3 - ok
21:52:57.0243 0x6564 [ 7AD0065770D931DFA79A7376EDF849C0 ] \Device\Harddisk0\DR0\Partition4
21:52:57.0245 0x6564 \Device\Harddisk0\DR0\Partition4 - ok
21:52:57.0246 0x6564 [ 7D126F7FFF1F0E69254B70303154B143 ] \Device\Harddisk0\DR0\Partition5
21:52:57.0247 0x6564 \Device\Harddisk0\DR0\Partition5 - ok
21:52:57.0249 0x6564 [ C16D8E5058F1E975B857764A686BB8EF ] \Device\Harddisk0\DR0\Partition6
21:52:57.0250 0x6564 \Device\Harddisk0\DR0\Partition6 - ok
21:52:57.0251 0x6564 [ E64020231104CEE41FF348B9E5BBB0F5 ] \Device\Harddisk1\DR1\Partition1
21:52:57.0253 0x6564 \Device\Harddisk1\DR1\Partition1 - ok
21:52:57.0255 0x6564 [ 181EFC0222B36B24131684E8F807451D ] \Device\Harddisk2\DR15\Partition1
21:52:57.0256 0x6564 \Device\Harddisk2\DR15\Partition1 - ok
21:52:57.0257 0x6564 ================ Scan generic autorun ======================
21:52:57.0602 0x6564 [ 493ABE82E781DC998DCA299CE0CA9F50, 9FA0FBC03058802848B6D73B609C14C80F4764A79EB305D2CC0D76F3EDC88765 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
21:52:57.0907 0x6564 RTHDVCPL - ok
21:52:57.0924 0x6564 [ DB367E8C8F46C26A05BA982715CC0DB5, 63AE8DD8E41260123E8C98905BD3D444BED86AEA6353F690483E5CB116433AC2 ] C:\WINDOWS\system32\TiltWheelMouse.exe
21:52:57.0947 0x6564 MouseDriver - ok
21:52:57.0950 0x6564 [ C9900177A954E22C84A696075A40A173, 33E32173FF811DF1B687916CB3CADAE2907DAF5AC4B80F559039D3B61553C48F ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:52:57.0954 0x6564 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
21:52:58.0127 0x6564 Detect skipped due to KSN trusted
21:52:58.0127 0x6564 IAStorIcon - ok
21:52:58.0134 0x6564 [ 889E56C58F5AC4242E395E3AD5F7780C, 35AA891112BE86C28C6AF8DF44BFEE342BAB7BDA877917C9B6466204091B9ADE ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
21:52:58.0144 0x6564 Classic Start Menu - ok
21:52:58.0164 0x6564 [ BBFD8580CE42378BB7FCA5007F497589, 4B3E39495FC223A03CC6438AAC910820FEB13D253A9A97678428CFFD211829EA ] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
21:52:58.0185 0x6564 BlueStacks Agent - ok
21:52:58.0190 0x6564 [ 327F04D1CB456575CAF0A43A386F89DE, BE7AB56B38F12A778826B7D0621534472347C7107431A9F8AE8F3E50443B420D ] C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe
21:52:58.0195 0x6564 VizzedRgrPluginServiceLoader - detected UnsignedFile.Multi.Generic ( 1 )
21:52:58.0311 0x6564 VizzedRgrPluginServiceLoader ( UnsignedFile.Multi.Generic ) - warning
21:52:58.0409 0x6564 [ 297C1BDCC26ADB339D4C0F0550E434D6, EFF4EC2543421BE537B1EDC8E88CFF7C529F3774F54BD9A71CCDB33EE9ED6370 ] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
21:52:58.0414 0x6564 Malwarebytes Anti-Malware (cleanup) - ok
21:52:58.0431 0x6564 OneDriveSetup - ok
21:52:58.0432 0x6564 OneDriveSetup - ok
21:52:58.0508 0x6564 [ 431644662BB5BA5348A450D31D5E58AD, 805BBD278711C60D090E49F3214F88DFAA77E2B379658359063D4933486D4EFF ] D:\KeePass Password Safe\KeePass.exe
21:52:58.0582 0x6564 KeePass Password Safe - detected UnsignedFile.Multi.Generic ( 1 )
21:52:58.0661 0x6564 Detect skipped due to KSN trusted
21:52:58.0661 0x6564 KeePass Password Safe - ok
21:52:58.0766 0x6564 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
21:52:58.0877 0x6564 DAEMON Tools Lite - ok
21:52:58.0882 0x6564 GoogleDriveSync - ok
21:52:58.0987 0x6564 [ DCB9899BF368233DBEC7FE380DF8D8CF, 2BF25628911F76DED322DE7107AF315C04247806F26F0A385FFAF09657D98B41 ] D:\download1\boxcryptor\Boxcryptor.exe
21:52:59.0050 0x6564 Boxcryptor.exe - ok
21:52:59.0064 0x6564 [ 91DD4AD85BB341CC8CF5187EA06FD171, 68330A5EBDA7E4A51926EC2085D71C11BD2857A6EB1D4749DEE7A6D1D5679B98 ] C:\Users\gernot4\AppData\Local\Microsoft\OneDrive\OneDrive.exe
21:52:59.0081 0x6564 OneDrive - ok
21:52:59.0129 0x6564 [ 8280F72E0CA8941DADBD6EBDE764D15D, 3B8A3A8D6994B811D44E8998D78545B85B7C27B7A7E31F6656A66C38E020D0DA ] C:\Users\gernot4\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
21:52:59.0188 0x6564 MP3 Skype recorder - ok
21:52:59.0191 0x6564 Skype - ok
21:52:59.0193 0x6564 OneDriveSetup - ok
21:52:59.0194 0x6564 Skype - ok
21:52:59.0242 0x6564 [ 431644662BB5BA5348A450D31D5E58AD, 805BBD278711C60D090E49F3214F88DFAA77E2B379658359063D4933486D4EFF ] D:\KeePass Password Safe\KeePass.exe
21:52:59.0298 0x6564 KeePass Password Safe - detected UnsignedFile.Multi.Generic ( 1 )
21:52:59.0298 0x6564 Detect skipped due to KSN trusted
21:52:59.0298 0x6564 KeePass Password Safe - ok
21:52:59.0299 0x6564 WAB Migrate - ok
21:52:59.0301 0x6564 Waiting for KSN requests completion. In queue: 73
21:53:00.0313 0x6564 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\wmiav.exe ( 16.0.1.445 ), 0x41000 ( enabled : updated )
21:53:00.0317 0x6564 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.494 ), 0x60100 ( disabled : updated )
21:53:00.0318 0x6564 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\wmiav.exe ( 16.0.1.445 ), 0x41010 ( enabled )
21:53:00.0412 0x6564 ============================================================
21:53:00.0412 0x6564 Scan finished
21:53:00.0412 0x6564 ============================================================
21:53:00.0418 0x6140 Detected object count: 1
21:53:00.0418 0x6140 Actual detected object count: 1
21:54:13.0932 0x6140 VizzedRgrPluginServiceLoader ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:13.0932 0x6140 VizzedRgrPluginServiceLoader ( UnsignedFile.Multi.Generic ) - User select action: Skip
tx |