| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC infiziert ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.07.2015, 20:09
| #1 |
 |  PC infiziert ? Hi, ich bin mir nicht sicher, aber ich glaube ,dass ich mir was eingefangen habe. Da der PC länger braucht um Programme etc. zu öffnen bzw. lädt länger. Danke im voraus  Ich bitte um Hilfe. |
|
31.07.2015, 21:37
| #2 |
| /// TB-Ausbilder   | PC infiziert ? Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zur ersten Analyse bitte FRST und TDSS-Killer ausführen: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
31.07.2015, 21:42
| #3 |
| | PC infiziert ?Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
durchgeführt von optik (Administrator) auf TWINZ (31-07-2015 22:39:53)
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(W. Rolke) C:\Program Files (x86)\GpuTmp64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GpuTemp.lnk [2014-05-15]
ShortcutTarget: GpuTemp.lnk -> C:\Users\optik\AppData\Roaming\Microsoft\Installer\{0FFA85AB-D704-48A6-A009-25A0559152C3}\_1168EA9E829EB9D5F56A58.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-31] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={EE0600AC-BB70-4284-95DD-AC086AB81948}&mid=3a82d230ca8847cd9d2665fc6923490d-47098512e241147adf33d02b0e79579ba0743eeb&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2015-06-09 22:06:30&v=18.5.0.909&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {8218E8BC-E228-4079-8CE7-6EA6CCCEA191} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032715-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032715-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EE0600AC-BB70-4284-95DD-AC086AB81948}&mid=3a82d230ca8847cd9d2665fc6923490d-47098512e241147adf33d02b0e79579ba0743eeb&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2015-06-09 22:06:30&v=18.5.0.909&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-06-09] (AVG Secure Search)
Tcpip\..\Interfaces\{8FDBB051-95BF-412F-933F-373BC2F0A315}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF2A7DDF-191F-4DBA-9518-9620668B1B1F}: [NameServer] 62.109.121.1 62.109.121.2
FireFox:
========
FF ProfilePath: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895
FF NewTab: google.com
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: google.com
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2461873215-4186745203-1289361242-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\optik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\avg-secure-search.xml [2015-06-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-06-09]
FF Extension: Ant Video Downloader - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\anttoolbar@ant.com [2015-05-29]
FF Extension: WOT - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-10]
FF Extension: Adblock Plus - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-12]
StartMenuInternet: FIREFOX.EXE - C:\Users\optik\Desktop\firefox.exe
Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-31] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-30] (Electronic Arts)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [Datei ist nicht signiert]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-31] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-24] (Microsoft Corporation)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-07-31 22:39 - 2015-07-31 22:40 - 00016566 _____ C:\Users\optik\Desktop\FRST.txt
2015-07-31 22:39 - 2015-07-31 22:39 - 02168832 _____ (Farbar) C:\Users\optik\Desktop\FRST64.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-30 23:16 - 2015-07-30 23:16 - 00002243 _____ C:\Users\optik\Desktop\Amnesia Demo.lnk
2015-07-30 23:16 - 2015-07-30 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent Demo
2015-07-30 23:16 - 2015-07-30 23:16 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent Demo
2015-07-30 13:20 - 2015-07-30 13:20 - 00000000 ____D C:\Users\optik\AppData\Local\CEF
2015-07-28 19:58 - 2015-07-25 15:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 16:10 - 2015-07-28 16:10 - 00015883 _____ C:\Users\optik\AppData\Local\recently-used.xbel
2015-07-21 14:02 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 14:02 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 14:02 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 14:02 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-16 17:25 - 2015-07-16 17:25 - 00000000 ____D C:\Users\optik\AppData\Local\webkit
2015-07-15 00:49 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 00:49 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 00:48 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 00:48 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 00:48 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 00:48 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 00:48 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 00:48 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 00:48 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 00:48 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 00:48 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 00:48 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 00:48 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 00:48 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 00:48 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 00:48 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 00:48 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 00:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 00:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 00:48 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 00:48 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 00:48 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 00:48 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 00:48 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 00:48 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 00:48 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 00:48 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 00:48 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 00:48 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 00:48 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 00:48 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 00:48 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 00:48 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 00:48 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 00:48 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 00:48 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 00:48 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 00:48 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 00:48 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 00:48 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 00:48 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 00:48 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 00:48 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 00:48 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 00:48 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 00:48 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 00:48 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 00:48 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 00:48 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 00:48 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 00:48 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 00:48 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 00:48 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 00:48 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 00:48 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 00:48 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 00:48 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 00:48 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 00:48 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 00:48 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 00:48 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 00:48 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 00:48 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 00:48 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 00:48 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 00:48 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 00:48 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 00:48 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 00:48 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 00:48 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 00:48 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 00:48 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 00:48 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 00:48 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 00:48 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 00:48 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 00:48 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 00:48 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 00:48 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 00:48 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 00:48 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 00:48 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 00:48 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 00:48 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 00:48 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 00:48 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 00:48 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 00:48 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 00:48 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 00:48 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 00:48 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 00:48 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 00:48 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 00:48 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 00:48 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 00:48 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 00:48 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 00:48 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 00:48 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 00:48 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 00:48 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 00:48 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 00:48 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 00:48 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 00:48 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 00:48 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 00:48 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 00:48 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 00:48 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 00:48 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 00:48 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 00:48 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 00:48 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 00:48 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 00:48 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 00:48 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 00:48 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 00:48 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 00:48 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 00:48 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 00:47 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 00:47 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 23:29 - 2015-07-03 23:29 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2015-07-02 23:26 - 2015-07-22 13:29 - 00000000 ____D C:\Program Files (x86)\TerminusKeeper
2015-07-02 23:26 - 2015-07-22 13:00 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-07-02 23:26 - 2015-07-02 23:26 - 00000000 ____D C:\Program Files (x86)\Silver Bird
2015-07-02 23:25 - 2015-07-22 13:01 - 00000000 ____D C:\Program Files (x86)\CutThePrice
2015-07-02 23:25 - 2015-07-02 23:26 - 00000000 ____D C:\ProgramData\446827813616296075
2015-07-02 23:25 - 2015-07-02 23:26 - 00000000 ____D C:\ProgramData\{f777e47b-c2e3-e008-f777-7e47bc2e91ef}
2015-07-02 23:25 - 2015-07-02 23:25 - 00000000 ____D C:\Program Files (x86)\CutTHePPriice
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-07-31 22:39 - 2015-06-12 13:31 - 00000000 ____D C:\FRST
2015-07-31 22:13 - 2014-04-09 21:03 - 00000000 ____D C:\ProgramData\Origin
2015-07-31 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-31 21:53 - 2014-04-09 21:25 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-31 21:51 - 2014-10-27 15:20 - 02020814 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-31 20:18 - 2014-11-19 23:49 - 00000000 ___RD C:\Users\optik\OneDrive
2015-07-31 20:18 - 2014-10-27 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-31 20:18 - 2013-08-22 16:46 - 00303171 _____ C:\WINDOWS\setupact.log
2015-07-31 20:18 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-31 20:17 - 2014-09-23 23:06 - 00144116 _____ C:\WINDOWS\PFRO.log
2015-07-31 20:17 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-31 20:16 - 2014-06-12 13:29 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-31 20:15 - 2014-06-12 13:29 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-31 20:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-31 14:48 - 2015-06-09 12:41 - 00000000 ____D C:\Users\optik\Desktop\dolphin-3.0-win64
2015-07-31 00:15 - 2014-04-09 20:03 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2461873215-4186745203-1289361242-1001
2015-07-30 23:14 - 2014-04-09 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-30 19:59 - 2014-11-04 22:52 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09DED0F7-12EB-4DA8-8F2B-74E93CB86259}
2015-07-30 16:03 - 2015-02-20 23:35 - 00000000 ____D C:\Users\optik\Desktop\Neuer Ordner (2)
2015-07-30 13:15 - 2014-04-09 21:03 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-30 13:14 - 2015-03-08 13:17 - 00000000 ____D C:\Users\optik\Desktop\Slender_v0_9_7
2015-07-29 23:22 - 2015-05-01 19:30 - 00000000 ____D C:\Users\optik\Desktop\engin raptexte
2015-07-29 20:31 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 16:17 - 2015-06-18 15:32 - 00000000 ____D C:\Users\optik\.gimp-2.8
2015-07-28 16:10 - 2015-06-18 15:34 - 00000000 ____D C:\Users\optik\AppData\Local\gtk-2.0
2015-07-26 16:38 - 2015-05-01 19:31 - 00000000 ____D C:\Users\optik\Desktop\ergün raptexte
2015-07-25 21:01 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-25 17:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-25 17:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-21 21:01 - 2013-08-22 16:44 - 00351464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-19 19:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 22:53 - 2014-12-06 19:26 - 00000000 ____D C:\Users\optik\AppData\Roaming\vlc
2015-07-15 02:53 - 2014-04-09 21:25 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-15 01:01 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-15 01:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 00:53 - 2014-12-13 22:55 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 00:53 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-15 00:52 - 2014-04-10 12:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 01:59 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-13 23:10 - 2014-09-24 09:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2014-09-24 09:46 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 01:01 - 2014-08-10 21:13 - 00000000 ____D C:\Users\optik\Desktop\Musik
2015-07-05 12:08 - 2015-03-17 12:20 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 18:06 - 2014-09-24 08:17 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-04 18:06 - 2014-09-24 07:43 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-04 18:06 - 2014-09-24 07:43 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-03 23:29 - 2015-06-09 00:14 - 00000000 ____D C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2015-07-03 23:26 - 2015-06-09 00:14 - 00000000 ____D C:\Users\optik\Desktop\Project64 1.6
2015-07-03 08:43 - 2014-04-10 12:06 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 23:01 - 2015-06-30 22:29 - 00000000 ____D C:\Users\optik\Desktop\Bewilder House
2015-07-02 23:01 - 2014-04-09 19:56 - 00000000 ____D C:\Users\optik\AppData\Local\VirtualStore
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2012-03-11 02:46 - 2012-03-11 02:46 - 0101888 _____ (W. Rolke) C:\Program Files (x86)\GpuTmp64.exe
2010-11-11 16:34 - 2014-12-10 16:29 - 0201728 _____ (Freebyte.com) C:\Program Files (x86)\hjsplit.exe
2007-04-27 11:06 - 2014-10-27 01:23 - 0148416 _____ (Macrovision Corporation) C:\Program Files (x86)\_setup.dll
2015-05-17 18:39 - 2015-05-17 18:39 - 0000122 _____ () C:\Users\optik\AppData\Roaming\profiles.ini
2015-07-28 16:10 - 2015-07-28 16:10 - 0015883 _____ () C:\Users\optik\AppData\Local\recently-used.xbel
2015-03-27 14:22 - 2015-04-08 20:27 - 0877747 ____N () C:\Users\optik\AppData\Local\Tempmusic.ogg
2014-04-09 19:57 - 2014-04-09 19:57 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\optik\setup.exe
Einige Dateien in TEMP:
====================
C:\Users\optik\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\optik\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\optik\AppData\Local\Temp\oi_{25F1DD8D-3F51-4AA2-B94E-01570A259D3B}.exe
C:\Users\optik\AppData\Local\Temp\proxy_vole9140169090359561381.dll
C:\Users\optik\AppData\Local\Temp\SpOrder.dll
==================== Bamital & volsnap Check =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-07-28 13:22
==================== Ende von log ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von optik (2015-07-31 22:40:21)
Gestartet von C:\Users\optik\Desktop
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2461873215-4186745203-1289361242-500 - Administrator - Disabled)
Gast (S-1-5-21-2461873215-4186745203-1289361242-501 - Limited - Disabled)
optik (S-1-5-21-2461873215-4186745203-1289361242-1001 - Administrator - Enabled) => C:\Users\optik
UpdatusUser (S-1-5-21-2461873215-4186745203-1289361242-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Amnesia - The Dark Descent Demo (HKLM-x32\...\{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1) (Version: 1.0.0 - Frictional Games)
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version: - Krillbite Studio)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ACHTUNG
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
CutThePrice (HKLM-x32\...\{A2C98B47-B5F4-94AA-281D-4135416774CF}) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 13 Demo (HKLM-x32\...\{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.37.327 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
GpuTemp (HKLM\...\{0FFA85AB-D704-48A6-A009-25A0559152C3}) (Version: 2.1 - WR-Tools)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
KingfisherBoot (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{32506309}) (Version: - KingfisherBoot) <==== ACHTUNG
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Silver Bird (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ACHTUNG
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Terrordrome_Final (HKLM-x32\...\{1EE65D14-6927-405F-A640-43ECBC9AB85C}) (Version: 2.9.5 - HuracanStudio)
Terrordrome_Final V2.9.5 (HKLM-x32\...\Terrordrome_Final V2.9.5) (Version: V2.9.5 - HuracanStudio)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes)
Unity Web Player (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{9CF1512B-6019-4573-9466-57AA61960209}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
14-07-2015 01:57:58 Windows Update
21-07-2015 15:18:48 Windows Update
26-07-2015 15:39:08 avast! antivirus system restore point
29-07-2015 20:30:14 Windows Update
31-07-2015 20:14:37 avast! antivirus system restore point
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {14622FD5-343E-43E2-AA67-CAA028E8E313} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {556D4D1B-901E-457B-9B46-6DF023CC136D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-31] (AVAST Software)
Task: {5E25D2EF-EC7A-48CB-89EF-50FE6C724C02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {699B55FA-EDE1-4845-BBB4-2503A9FDB9E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {6A99E002-2095-4572-8F7D-0E9D1C8581A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {8435C395-5D8F-49F4-A3F4-4BC9A83B33E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {9C207940-0D1F-40E8-AE96-65490CA4E91C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {F29078D9-C8A1-4E6C-8747-40828071D39D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-10-27 15:21 - 2014-10-30 04:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-27 16:11 - 2014-10-27 16:11 - 00120224 _____ () C:\Users\optik\AppData\Local\assembly\dl3\4K796MHC.KKM\9BQW35LW.Q7P\98a9c14b\0017145d_cd85cd01\HPItunesModule.DLL
2015-07-31 20:15 - 2015-07-31 20:15 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-31 20:15 - 2015-07-31 20:15 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-31 20:13 - 2015-07-31 20:13 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073103\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-26 19:10 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-17 12:13 - 2015-03-17 12:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-26 19:05 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\optik\OneDrive:ms-properties
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer trusted/restricted ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 62.109.121.1 - 62.109.121.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1290F6E6-8A57-4451-BCC6-24FFC78A06AA}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{EA2FE541-DC25-4B04-A2EE-18A47391A251}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{DCC6B67A-69E0-447A-AF40-059D9DC9F1DB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{4AA3DA39-96E4-47D0-ACC5-CCB39770F83C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{22C48B7E-FC1D-4CBD-8655-843BEF3FE8CE}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [TCP Query User{29D859C4-9CEC-4EF4-9C1C-445AA912950F}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{E0C52C12-0B7D-4D13-8B4B-5D95F6D1D7AA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{23C45605-B5E2-47BE-9749-9040E171EBBA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{B00B1C5A-DDEB-4DEC-BB60-A04BF87F1B72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21686015-0057-491B-A66F-5E0553F736AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17A17685-47A0-44A1-A380-7DAD7EF24B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{60A61EFA-3CD6-40A5-9884-D4D71E5352E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{0F639903-8662-4DA9-A009-1988624EBE1A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5DBEEF1B-0E0E-4F73-8C82-ED9DFF228538}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A50DB810-DADB-406B-87FD-77C9EB03D6EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{C551166D-F754-4F4F-93DA-E861C2316BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{04A8AD80-1190-4C5B-A31A-2976739D2A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{50414D68-36B5-43AC-AFA9-5FDBACCE44FD}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{513E52D3-344D-4D06-BB3B-F5FCB898E342}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{F23E50E8-86F1-4BF6-BE53-FA6261FF969B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{06190683-94A7-462C-BF33-D8DE9DC73EF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{B8C67915-FB09-461D-8B0F-15100BFE3F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FB048A7-2D57-4DEC-BEF4-2DE7CE153CF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19AC9963-0DC4-4BEB-89CC-6FB224855B5B}] => (Allow) LPort=1900
FirewallRules: [{983C26A4-90CE-410F-A263-AF7EABCB1DDF}] => (Allow) LPort=2869
FirewallRules: [{08BAF4BB-DCF6-40DB-9D02-087D68AFD9AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7BD47BC4-620E-4102-BDFE-DAA8CC2A555C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E664925A-B83A-4530-AF72-7D1F0C0C86FD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1BDCB2FA-2DFC-423E-8A32-CD261B1B764D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7CB30C67-CFB7-41A5-899D-4EC999721796}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63876693-1A38-4BEC-B05A-76820122B8D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB555E2E-D8A0-45AE-80D8-D9ACA41253DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{1E1D9492-6244-4E47-AD58-427636C1C737}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{FB64C4F3-7FAF-4A54-BCF1-97B1449BA50C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{CF791C29-ABDE-49EE-8553-A641960F5725}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B2D8C3C5-41BF-472E-895E-6325AF6172A9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{4974F657-632B-4F17-8A30-71778DA2F2E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6542C786-4B80-4CBA-A5D4-1EAFC15B26E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{444F1D2F-FBA1-4D3B-AD76-198DD0275822}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{8DF48FCA-561F-4A04-997E-272C9FA7BFAD}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{FFE1247B-468B-4247-A102-7D40160DA777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C739E9C-9BED-468A-A397-73B5B40D9067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CFD6A1A-6EA0-4B8E-9F0C-D376CE31378F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{9A55A05A-E229-4A83-AF7C-D6FC783C3A08}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{52C3CB11-4EFF-4109-B303-3AC95DDB4831}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B4863902-1E2A-4702-B24F-1A637AE58BAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{B85DF138-37D2-442B-A5FF-6F8E2A479346}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{38A5CF0A-38C0-49EA-9E13-B65F17FF964F}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{91223428-1506-4680-B804-8DBBFA875CAF}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [{A9DDB4AB-32D0-45E3-9D90-47B29DC1F0A8}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [TCP Query User{36457055-BC5F-43FD-B562-2CF06564AC71}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{100CAA9B-2EAB-4E0B-938E-14F1DA41E817}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F5BB8811-A98A-4CEF-87D5-B0250828F215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{003784FA-4A0A-4779-9248-A38655C9730C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{7572B374-EDEB-4CF4-91BE-485AF0832081}] => (Allow) LPort=53000
FirewallRules: [{A060D2F9-E8F9-4771-92B2-3D1C73DEB1B9}] => (Allow) LPort=52000
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2015 03:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 6.3.9600.17489 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c7c
Startzeit: 01d0cb96c4be3477
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Berichts-ID: 1154494c-378a-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel
Error: (07/31/2015 03:43:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TWINZ)
Description: Die App „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (07/31/2015 03:29:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a80
Startzeit: 01d0cb942587e9f8
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 191dc4b1-3788-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (07/31/2015 02:54:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 191c
Startzeit: 01d0cb8811d0e4a0
Endzeit: 0
Anwendungspfad: C:\WINDOWS\Explorer.EXE
Berichts-ID: 33a2e4ec-3783-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (07/31/2015 02:31:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wmplayer.exe, Version 12.0.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1110
Startzeit: 01d0cb8cc641f928
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Berichts-ID: 0b98e33d-3780-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (07/31/2015 02:31:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ea8
Startzeit: 01d0cb8c0be1e5ca
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: ff5e2fd8-377f-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (07/31/2015 02:16:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 84c
Startzeit: 01d0cb89f372774d
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: e6f3fed5-377d-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Systemfehler:
=============
Error: (07/31/2015 08:20:36 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (07/31/2015 08:20:32 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (07/31/2015 08:18:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/31/2015 08:17:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (07/31/2015 03:49:41 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (07/31/2015 03:47:49 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (07/31/2015 03:47:45 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (07/31/2015 03:45:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/31/2015 03:34:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070057 fehlgeschlagen: Microsoft.Office.OneNote
Error: (07/31/2015 03:33:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070057 fehlgeschlagen: Microsoft.Reader
Microsoft Office:
=========================
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2015 03:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.3.9600.17489c7c01d0cb96c4be34774294967295C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe1154494c-378a-11e5-bea9-b4b52fc7a0fewindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
Error: (07/31/2015 03:43:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TWINZ)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel
Error: (07/31/2015 03:29:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209111a8001d0cb942587e9f84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe191dc4b1-3788-11e5-bea9-b4b52fc7a0femicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (07/31/2015 02:54:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667191c01d0cb8811d0e4a00C:\WINDOWS\Explorer.EXE33a2e4ec-3783-11e5-bea9-b4b52fc7a0fe
Error: (07/31/2015 02:31:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.9600.17415111001d0cb8cc641f9280C:\Program Files (x86)\Windows Media Player\wmplayer.exe0b98e33d-3780-11e5-bea9-b4b52fc7a0fe
Error: (07/31/2015 02:31:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911ea801d0cb8c0be1e5ca4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeff5e2fd8-377f-11e5-bea9-b4b52fc7a0femicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (07/31/2015 02:16:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2091184c01d0cb89f372774d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exee6f3fed5-377d-11e5-bea9-b4b52fc7a0femicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
CodeIntegrity:
===================================
Date: 2015-07-28 13:23:48.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:11.429
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:11.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:10.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:10.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:10.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:09.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:06.741
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:06.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:06.319
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8147.35 MB
Available physical RAM: 6267.85 MB
Total Virtual: 8547.35 MB
Available Virtual: 6345.3 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1849.89 GB) (Free:1519.99 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 59A27AD7)
Partition: GPT Partition Type.
==================== Ende von log ============================
|
|
31.07.2015, 21:53
| #4 |
| /// TB-Ausbilder | PC infiziert ? Servus, fehlt nur noch die Logdatei von TDSS-Killer. |
|
31.07.2015, 21:55
| #5 |
| | PC infiziert ?Code:
ATTFilter 22:44:02.0363 0x1838 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
22:44:02.0363 0x1838 UEFI system
22:44:06.0462 0x1838 ============================================================
22:44:06.0462 0x1838 Current date / time: 2015/07/31 22:44:06.0462
22:44:06.0462 0x1838 SystemInfo:
22:44:06.0462 0x1838
22:44:06.0462 0x1838 OS Version: 6.3.9600 ServicePack: 0.0
22:44:06.0462 0x1838 Product type: Workstation
22:44:06.0462 0x1838 ComputerName: TWINZ
22:44:06.0462 0x1838 UserName: optik
22:44:06.0462 0x1838 Windows directory: C:\WINDOWS
22:44:06.0462 0x1838 System windows directory: C:\WINDOWS
22:44:06.0462 0x1838 Running under WOW64
22:44:06.0462 0x1838 Processor architecture: Intel x64
22:44:06.0462 0x1838 Number of processors: 8
22:44:06.0462 0x1838 Page size: 0x1000
22:44:06.0462 0x1838 Boot type: Normal boot
22:44:06.0462 0x1838 ============================================================
22:44:06.0881 0x1838 KLMD registered as C:\WINDOWS\system32\drivers\99309924.sys
22:44:07.0110 0x1838 System UUID: {1B3EEA69-7C89-7A0D-5150-9DDE13CE2296}
22:44:07.0455 0x1838 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:44:07.0470 0x1838 ============================================================
22:44:07.0470 0x1838 \Device\Harddisk0\DR0:
22:44:07.0471 0x1838 GPT partitions:
22:44:07.0472 0x1838 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DD958599-A651-4208-88FD-4AF778BD4E3A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
22:44:07.0472 0x1838 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6A0652AE-4B87-4E93-A787-B7B0B83589DC}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
22:44:07.0472 0x1838 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B7C3CA68-D624-4587-92B6-70C0A9C51749}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
22:44:07.0472 0x1838 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CB038F5A-F766-485B-B8DF-7438FD5D94E8}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0xE73C6800
22:44:07.0472 0x1838 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9AD891FE-C8BA-4726-BF5C-6129388AE367}, Name: , StartLBA 0xE76BA800, BlocksNum 0xE1000
22:44:07.0472 0x1838 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FFDB71F8-1CA8-46FF-B8AC-197D8D7C4D98}, Name: Basic data partition, StartLBA 0xE779B800, BlocksNum 0x166D000
22:44:07.0472 0x1838 MBR partitions:
22:44:07.0472 0x1838 ============================================================
22:44:07.0525 0x1838 C: <-> \Device\Harddisk0\DR0\Partition4
22:44:07.0554 0x1838 D: <-> \Device\Harddisk0\DR0\Partition6
22:44:07.0554 0x1838 ============================================================
22:44:07.0554 0x1838 Initialize success
22:44:07.0554 0x1838 ============================================================
22:44:48.0850 0x17a4 ============================================================
22:44:48.0850 0x17a4 Scan started
22:44:48.0850 0x17a4 Mode: Manual; SigCheck; TDLFS;
22:44:48.0850 0x17a4 ============================================================
22:44:48.0850 0x17a4 KSN ping started
22:44:51.0175 0x17a4 KSN ping finished: true
22:44:52.0772 0x17a4 ================ Scan system memory ========================
22:44:52.0772 0x17a4 System memory - ok
22:44:52.0772 0x17a4 ================ Scan services =============================
22:44:52.0948 0x17a4 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
22:44:52.0994 0x17a4 1394ohci - ok
22:44:53.0011 0x17a4 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
22:44:53.0019 0x17a4 3ware - ok
22:44:53.0063 0x17a4 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
22:44:53.0080 0x17a4 ACPI - ok
22:44:53.0092 0x17a4 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
22:44:53.0100 0x17a4 acpiex - ok
22:44:53.0114 0x17a4 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
22:44:53.0122 0x17a4 acpipagr - ok
22:44:53.0148 0x17a4 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
22:44:53.0156 0x17a4 AcpiPmi - ok
22:44:53.0159 0x17a4 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
22:44:53.0167 0x17a4 acpitime - ok
22:44:53.0243 0x17a4 [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:44:53.0252 0x17a4 AdobeFlashPlayerUpdateSvc - ok
22:44:53.0271 0x17a4 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:44:53.0290 0x17a4 ADP80XX - ok
22:44:53.0311 0x17a4 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
22:44:53.0323 0x17a4 AeLookupSvc - ok
22:44:53.0334 0x17a4 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys
22:44:53.0349 0x17a4 AFD - ok
22:44:53.0361 0x17a4 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
22:44:53.0368 0x17a4 agp440 - ok
22:44:53.0389 0x17a4 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:44:53.0403 0x17a4 ahcache - ok
22:44:53.0439 0x17a4 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
22:44:53.0457 0x17a4 ALG - ok
22:44:53.0469 0x17a4 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
22:44:53.0483 0x17a4 AmdK8 - ok
22:44:53.0494 0x17a4 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
22:44:53.0502 0x17a4 AmdPPM - ok
22:44:53.0513 0x17a4 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
22:44:53.0520 0x17a4 amdsata - ok
22:44:53.0541 0x17a4 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
22:44:53.0551 0x17a4 amdsbs - ok
22:44:53.0561 0x17a4 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
22:44:53.0567 0x17a4 amdxata - ok
22:44:53.0615 0x17a4 [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc C:\WINDOWS\system32\inetsrv\apphostsvc.dll
22:44:53.0635 0x17a4 AppHostSvc - ok
22:44:53.0651 0x17a4 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
22:44:53.0660 0x17a4 AppID - ok
22:44:53.0678 0x17a4 [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
22:44:53.0688 0x17a4 AppIDSvc - ok
22:44:53.0721 0x17a4 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
22:44:53.0732 0x17a4 Appinfo - ok
22:44:53.0796 0x17a4 [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:44:53.0807 0x17a4 Apple Mobile Device - ok
22:44:53.0851 0x17a4 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
22:44:53.0880 0x17a4 AppReadiness - ok
22:44:53.0926 0x17a4 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
22:44:53.0951 0x17a4 AppXSvc - ok
22:44:53.0965 0x17a4 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
22:44:53.0972 0x17a4 arcsas - ok
22:44:54.0045 0x17a4 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:44:54.0062 0x17a4 aspnet_state - ok
22:44:54.0082 0x17a4 [ 525F5989C095F5757414E1F4B39175B2, 0CA28553AE4BF07C3952A6E2355FAB2B0CB862CFD88DEFD7232FD48ABA99CFCB ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
22:44:54.0103 0x17a4 aswHwid - ok
22:44:54.0115 0x17a4 [ 76D585093398DB973470BB83FCF0CE52, F7135232E7F50270A253C9F04574F22B827A42B2BE42DE6E391CE3A56B2EA51F ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
22:44:54.0123 0x17a4 aswMonFlt - ok
22:44:54.0133 0x17a4 [ 719FF5568B5E71832541636E2A7DFE27, C49ADB31B5DE6FCFB252290D5B831A90E555F86058500538BBD288B10CDCC46F ] aswRdr C:\WINDOWS\system32\drivers\aswRdr2.sys
22:44:54.0140 0x17a4 aswRdr - ok
22:44:54.0148 0x17a4 [ 21C13E3C9B801C8AE172FABBD235221E, 0AE02CB0F4A87C6065159B68545DD536C4E98C8C23E954ED3392A7CE5F28868C ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
22:44:54.0154 0x17a4 aswRvrt - ok
22:44:54.0183 0x17a4 [ 5B6A864A2CE292992040CEBAFC8F746A, 3AC0D60B3530AA55266C6547686E4488FE3C5CDD19223ECAF6E5C5A4109EF0C1 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
22:44:54.0202 0x17a4 aswSnx - ok
22:44:54.0221 0x17a4 [ C43A0929DE32035499D6BB39A7F44439, 6269380D25D6BFFB7C234758114B700A75BD55D654B6D93ED44D50660A86FCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
22:44:54.0232 0x17a4 aswSP - ok
22:44:54.0241 0x17a4 [ 763C27EA21875F54615A0174EEC78FC4, 4EE48D475B183DD2066781137F46A4BEE2E510B3A085B9B1385F8C0043A5BE08 ] aswStm C:\WINDOWS\system32\drivers\aswStm.sys
22:44:54.0248 0x17a4 aswStm - ok
22:44:54.0262 0x17a4 [ C85B35201A253B99199C0A9F5B98FC18, 18FF49D52035C79AD70A96FBD4663C41A58830D432DD4B9EDA6E7FCDFD12C18F ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
22:44:54.0271 0x17a4 aswVmm - ok
22:44:54.0279 0x17a4 [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:44:54.0287 0x17a4 AsyncMac - ok
22:44:54.0300 0x17a4 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
22:44:54.0306 0x17a4 atapi - ok
22:44:54.0340 0x17a4 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
22:44:54.0350 0x17a4 AudioEndpointBuilder - ok
22:44:54.0371 0x17a4 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
22:44:54.0390 0x17a4 Audiosrv - ok
22:44:54.0461 0x17a4 [ 4956380A54B1C9E6BFDF3D80DACB9698, 0B0F9807EEF0F3BFE4F862876633D241DBA8F72A1373445976FF388678C4734C ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:44:54.0476 0x17a4 avast! Antivirus - ok
22:44:54.0487 0x17a4 AvastVBoxSvc - ok
22:44:54.0506 0x17a4 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
22:44:54.0518 0x17a4 AxInstSV - ok
22:44:54.0536 0x17a4 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
22:44:54.0550 0x17a4 b06bdrv - ok
22:44:54.0562 0x17a4 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
22:44:54.0569 0x17a4 BasicDisplay - ok
22:44:54.0572 0x17a4 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
22:44:54.0579 0x17a4 BasicRender - ok
22:44:54.0587 0x17a4 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
22:44:54.0592 0x17a4 bcmfn2 - ok
22:44:54.0621 0x17a4 [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\WINDOWS\System32\bdesvc.dll
22:44:54.0633 0x17a4 BDESVC - ok
22:44:54.0658 0x17a4 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:44:54.0674 0x17a4 Beep - ok
22:44:54.0699 0x17a4 [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE C:\WINDOWS\System32\bfe.dll
22:44:54.0717 0x17a4 BFE - ok
22:44:54.0764 0x17a4 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
22:44:54.0785 0x17a4 BITS - ok
22:44:54.0820 0x17a4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:44:54.0830 0x17a4 Bonjour Service - ok
22:44:54.0835 0x17a4 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
22:44:54.0842 0x17a4 bowser - ok
22:44:54.0872 0x17a4 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
22:44:54.0883 0x17a4 BrokerInfrastructure - ok
22:44:54.0914 0x17a4 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
22:44:54.0922 0x17a4 Browser - ok
22:44:54.0953 0x17a4 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
22:44:54.0960 0x17a4 BthAvrcpTg - ok
22:44:54.0987 0x17a4 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
22:44:54.0994 0x17a4 BthHFEnum - ok
22:44:55.0003 0x17a4 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
22:44:55.0011 0x17a4 bthhfhid - ok
22:44:55.0035 0x17a4 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
22:44:55.0046 0x17a4 BthHFSrv - ok
22:44:55.0054 0x17a4 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
22:44:55.0062 0x17a4 BTHMODEM - ok
22:44:55.0079 0x17a4 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
22:44:55.0088 0x17a4 bthserv - ok
22:44:55.0091 0x17a4 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
22:44:55.0099 0x17a4 cdfs - ok
22:44:55.0105 0x17a4 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
22:44:55.0114 0x17a4 cdrom - ok
22:44:55.0145 0x17a4 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
22:44:55.0155 0x17a4 CertPropSvc - ok
22:44:55.0171 0x17a4 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
22:44:55.0178 0x17a4 circlass - ok
22:44:55.0207 0x17a4 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
22:44:55.0219 0x17a4 CLFS - ok
22:44:55.0241 0x17a4 [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
22:44:55.0248 0x17a4 CLVirtualDrive - ok
22:44:55.0261 0x17a4 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
22:44:55.0268 0x17a4 CmBatt - ok
22:44:55.0289 0x17a4 [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
22:44:55.0305 0x17a4 CNG - ok
22:44:55.0318 0x17a4 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
22:44:55.0326 0x17a4 CompositeBus - ok
22:44:55.0327 0x17a4 COMSysApp - ok
22:44:55.0362 0x17a4 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
22:44:55.0370 0x17a4 condrv - ok
22:44:55.0392 0x17a4 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
22:44:55.0401 0x17a4 CryptSvc - ok
22:44:55.0405 0x17a4 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
22:44:55.0412 0x17a4 dam - ok
22:44:55.0451 0x17a4 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:44:55.0471 0x17a4 DcomLaunch - ok
22:44:55.0492 0x17a4 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
22:44:55.0507 0x17a4 defragsvc - ok
22:44:55.0522 0x17a4 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
22:44:55.0548 0x17a4 DeviceAssociationService - ok
22:44:55.0556 0x17a4 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
22:44:55.0567 0x17a4 DeviceInstall - ok
22:44:55.0575 0x17a4 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
22:44:55.0584 0x17a4 Dfsc - ok
22:44:55.0600 0x17a4 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
22:44:55.0613 0x17a4 Dhcp - ok
22:44:55.0655 0x17a4 [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
22:44:55.0685 0x17a4 DiagTrack - ok
22:44:55.0690 0x17a4 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
22:44:55.0697 0x17a4 disk - ok
22:44:55.0709 0x17a4 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
22:44:55.0715 0x17a4 dmvsc - ok
22:44:55.0748 0x17a4 [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:44:55.0768 0x17a4 Dnscache - ok
22:44:55.0787 0x17a4 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
22:44:55.0799 0x17a4 dot3svc - ok
22:44:55.0822 0x17a4 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
22:44:55.0833 0x17a4 DPS - ok
22:44:55.0855 0x17a4 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:44:55.0862 0x17a4 drmkaud - ok
22:44:55.0882 0x17a4 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
22:44:55.0893 0x17a4 DsmSvc - ok
22:44:55.0929 0x17a4 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
22:44:55.0959 0x17a4 DXGKrnl - ok
22:44:55.0971 0x17a4 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
22:44:55.0980 0x17a4 Eaphost - ok
22:44:56.0038 0x17a4 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
22:44:56.0096 0x17a4 ebdrv - ok
22:44:56.0116 0x17a4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
22:44:56.0126 0x17a4 EFS - ok
22:44:56.0151 0x17a4 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
22:44:56.0159 0x17a4 EhStorClass - ok
22:44:56.0171 0x17a4 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
22:44:56.0178 0x17a4 EhStorTcgDrv - ok
22:44:56.0193 0x17a4 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
22:44:56.0200 0x17a4 ErrDev - ok
22:44:56.0230 0x17a4 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
22:44:56.0244 0x17a4 EventSystem - ok
22:44:56.0255 0x17a4 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
22:44:56.0268 0x17a4 exfat - ok
22:44:56.0275 0x17a4 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
22:44:56.0284 0x17a4 fastfat - ok
22:44:56.0306 0x17a4 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
22:44:56.0323 0x17a4 Fax - ok
22:44:56.0335 0x17a4 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
22:44:56.0343 0x17a4 fdc - ok
22:44:56.0355 0x17a4 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
22:44:56.0363 0x17a4 fdPHost - ok
22:44:56.0379 0x17a4 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
22:44:56.0387 0x17a4 FDResPub - ok
22:44:56.0401 0x17a4 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
22:44:56.0423 0x17a4 fhsvc - ok
22:44:56.0427 0x17a4 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
22:44:56.0435 0x17a4 FileInfo - ok
22:44:56.0449 0x17a4 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
22:44:56.0459 0x17a4 Filetrace - ok
22:44:56.0473 0x17a4 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
22:44:56.0480 0x17a4 flpydisk - ok
22:44:56.0521 0x17a4 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:44:56.0546 0x17a4 FltMgr - ok
22:44:56.0583 0x17a4 [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache C:\WINDOWS\system32\FntCache.dll
22:44:56.0608 0x17a4 FontCache - ok
22:44:56.0668 0x17a4 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:44:56.0681 0x17a4 FontCache3.0.0.0 - ok
22:44:56.0699 0x17a4 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
22:44:56.0715 0x17a4 FsDepends - ok
22:44:56.0726 0x17a4 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:44:56.0734 0x17a4 Fs_Rec - ok
22:44:56.0755 0x17a4 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
22:44:56.0770 0x17a4 fvevol - ok
22:44:56.0773 0x17a4 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
22:44:56.0780 0x17a4 FxPPM - ok
22:44:56.0791 0x17a4 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
22:44:56.0798 0x17a4 gagp30kx - ok
22:44:56.0818 0x17a4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:44:56.0822 0x17a4 GEARAspiWDM - ok
22:44:56.0851 0x17a4 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
22:44:56.0857 0x17a4 gencounter - ok
22:44:56.0882 0x17a4 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
22:44:56.0892 0x17a4 GPIOClx0101 - ok
22:44:56.0936 0x17a4 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
22:44:56.0961 0x17a4 gpsvc - ok
22:44:56.0966 0x17a4 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
22:44:56.0974 0x17a4 HDAudBus - ok
22:44:56.0991 0x17a4 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
22:44:56.0998 0x17a4 HidBatt - ok
22:44:57.0018 0x17a4 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
22:44:57.0026 0x17a4 HidBth - ok
22:44:57.0038 0x17a4 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
22:44:57.0045 0x17a4 hidi2c - ok
22:44:57.0056 0x17a4 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
22:44:57.0063 0x17a4 HidIr - ok
22:44:57.0079 0x17a4 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
22:44:57.0087 0x17a4 hidserv - ok
22:44:57.0089 0x17a4 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
22:44:57.0096 0x17a4 HidUsb - ok
22:44:57.0111 0x17a4 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
22:44:57.0120 0x17a4 hkmsvc - ok
22:44:57.0143 0x17a4 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
22:44:57.0155 0x17a4 HomeGroupListener - ok
22:44:57.0186 0x17a4 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
22:44:57.0200 0x17a4 HomeGroupProvider - ok
22:44:57.0233 0x17a4 [ E1C037A7E05FD39E6C1AF93CEEFDC53A, D20B056BE5CEB5D471170D6627157D8848376FF319BFE12C7331B0F2C0EBB4A4 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:44:57.0237 0x17a4 HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
22:44:59.0660 0x17a4 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
22:44:59.0660 0x17a4 Force sending object to P2P due to detect: HP Support Assistant Service
22:45:02.0078 0x17a4 Object send P2P result: true
22:45:04.0457 0x17a4 [ E2550FBBBA31E2D4F9757E0A533689F0, 0AE6B0D89E74E57F87A6431D005BFF4213AC4C98A74A7C796894FC2A8D42E0DD ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
22:45:04.0468 0x17a4 HPConnectedRemote - ok
22:45:04.0518 0x17a4 [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:45:04.0539 0x17a4 hpqwmiex - ok
22:45:04.0548 0x17a4 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
22:45:04.0555 0x17a4 HpSAMD - ok
22:45:04.0592 0x17a4 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
22:45:04.0614 0x17a4 HTTP - ok
22:45:04.0627 0x17a4 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
22:45:04.0633 0x17a4 hwpolicy - ok
22:45:04.0646 0x17a4 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
22:45:04.0652 0x17a4 hyperkbd - ok
22:45:04.0664 0x17a4 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
22:45:04.0670 0x17a4 HyperVideo - ok
22:45:04.0707 0x17a4 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
22:45:04.0725 0x17a4 i8042prt - ok
22:45:04.0738 0x17a4 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
22:45:04.0744 0x17a4 iaLPSSi_GPIO - ok
22:45:04.0758 0x17a4 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
22:45:04.0765 0x17a4 iaLPSSi_I2C - ok
22:45:04.0782 0x17a4 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
22:45:04.0795 0x17a4 iaStorAV - ok
22:45:04.0815 0x17a4 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
22:45:04.0827 0x17a4 iaStorV - ok
22:45:04.0866 0x17a4 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:45:04.0869 0x17a4 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
22:45:07.0236 0x17a4 Detect skipped due to KSN trusted
22:45:07.0236 0x17a4 IDriverT - ok
22:45:07.0240 0x17a4 IEEtwCollectorService - ok
22:45:07.0296 0x17a4 [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
22:45:07.0328 0x17a4 IKEEXT - ok
22:45:07.0372 0x17a4 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
22:45:07.0385 0x17a4 Intel(R) Capability Licensing Service Interface - ok
22:45:07.0404 0x17a4 [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:45:07.0410 0x17a4 Intel(R) ME Service - ok
22:45:07.0417 0x17a4 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
22:45:07.0423 0x17a4 intelide - ok
22:45:07.0435 0x17a4 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
22:45:07.0442 0x17a4 intelpep - ok
22:45:07.0450 0x17a4 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
22:45:07.0458 0x17a4 intelppm - ok
22:45:07.0467 0x17a4 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:45:07.0477 0x17a4 IpFilterDriver - ok
22:45:07.0513 0x17a4 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
22:45:07.0533 0x17a4 iphlpsvc - ok
22:45:07.0541 0x17a4 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:45:07.0548 0x17a4 IPMIDRV - ok
22:45:07.0560 0x17a4 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
22:45:07.0568 0x17a4 IPNAT - ok
22:45:07.0599 0x17a4 [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:45:07.0612 0x17a4 iPod Service - ok
22:45:07.0620 0x17a4 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
22:45:07.0628 0x17a4 IRENUM - ok
22:45:07.0637 0x17a4 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
22:45:07.0643 0x17a4 isapnp - ok
22:45:07.0663 0x17a4 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
22:45:07.0674 0x17a4 iScsiPrt - ok
22:45:07.0689 0x17a4 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:45:07.0695 0x17a4 jhi_service - ok
22:45:07.0706 0x17a4 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
22:45:07.0713 0x17a4 kbdclass - ok
22:45:07.0716 0x17a4 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
22:45:07.0723 0x17a4 kbdhid - ok
22:45:07.0746 0x17a4 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
22:45:07.0753 0x17a4 kdnic - ok
22:45:07.0765 0x17a4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
22:45:07.0773 0x17a4 KeyIso - ok
22:45:07.0795 0x17a4 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
22:45:07.0802 0x17a4 KSecDD - ok
22:45:07.0832 0x17a4 [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:45:07.0842 0x17a4 KSecPkg - ok
22:45:07.0844 0x17a4 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
22:45:07.0851 0x17a4 ksthunk - ok
22:45:07.0865 0x17a4 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
22:45:07.0878 0x17a4 KtmRm - ok
22:45:07.0908 0x17a4 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
22:45:07.0920 0x17a4 LanmanServer - ok
22:45:07.0940 0x17a4 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:45:07.0953 0x17a4 LanmanWorkstation - ok
22:45:07.0989 0x17a4 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
22:45:08.0004 0x17a4 lfsvc - ok
22:45:08.0018 0x17a4 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
22:45:08.0027 0x17a4 lltdio - ok
22:45:08.0045 0x17a4 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
22:45:08.0068 0x17a4 lltdsvc - ok
22:45:08.0087 0x17a4 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
22:45:08.0095 0x17a4 lmhosts - ok
22:45:08.0101 0x17a4 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:45:08.0109 0x17a4 LMS - ok
22:45:08.0134 0x17a4 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
22:45:08.0141 0x17a4 LSI_SAS - ok
22:45:08.0153 0x17a4 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
22:45:08.0161 0x17a4 LSI_SAS2 - ok
22:45:08.0168 0x17a4 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
22:45:08.0176 0x17a4 LSI_SAS3 - ok
22:45:08.0198 0x17a4 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
22:45:08.0206 0x17a4 LSI_SSS - ok
22:45:08.0228 0x17a4 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
22:45:08.0246 0x17a4 LSM - ok
22:45:08.0252 0x17a4 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
22:45:08.0260 0x17a4 luafv - ok
22:45:08.0269 0x17a4 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
22:45:08.0276 0x17a4 megasas - ok
22:45:08.0291 0x17a4 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
22:45:08.0306 0x17a4 megasr - ok
22:45:08.0332 0x17a4 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
22:45:08.0337 0x17a4 MEIx64 - ok
22:45:08.0352 0x17a4 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
22:45:08.0361 0x17a4 MMCSS - ok
22:45:08.0372 0x17a4 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
22:45:08.0380 0x17a4 Modem - ok
22:45:08.0384 0x17a4 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
22:45:08.0391 0x17a4 monitor - ok
22:45:08.0398 0x17a4 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
22:45:08.0405 0x17a4 mouclass - ok
22:45:08.0408 0x17a4 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
22:45:08.0415 0x17a4 mouhid - ok
22:45:08.0430 0x17a4 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
22:45:08.0437 0x17a4 mountmgr - ok
22:45:08.0464 0x17a4 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:45:08.0470 0x17a4 MozillaMaintenance - ok
22:45:08.0483 0x17a4 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
22:45:08.0491 0x17a4 mpsdrv - ok
22:45:08.0532 0x17a4 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
22:45:08.0552 0x17a4 MpsSvc - ok
22:45:08.0568 0x17a4 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
22:45:08.0576 0x17a4 MRxDAV - ok
22:45:08.0615 0x17a4 [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:45:08.0628 0x17a4 mrxsmb - ok
22:45:08.0645 0x17a4 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:45:08.0655 0x17a4 mrxsmb10 - ok
22:45:08.0664 0x17a4 [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:45:08.0673 0x17a4 mrxsmb20 - ok
22:45:08.0693 0x17a4 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
22:45:08.0701 0x17a4 MsBridge - ok
22:45:08.0710 0x17a4 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
22:45:08.0720 0x17a4 MSDTC - ok
22:45:08.0735 0x17a4 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:45:08.0764 0x17a4 Msfs - ok
22:45:08.0781 0x17a4 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:45:08.0796 0x17a4 msgpiowin32 - ok
22:45:08.0814 0x17a4 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:45:08.0829 0x17a4 mshidkmdf - ok
22:45:08.0841 0x17a4 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
22:45:08.0851 0x17a4 mshidumdf - ok
22:45:08.0859 0x17a4 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
22:45:08.0867 0x17a4 msisadrv - ok
22:45:08.0883 0x17a4 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
22:45:08.0893 0x17a4 MSiSCSI - ok
22:45:08.0895 0x17a4 msiserver - ok
22:45:08.0902 0x17a4 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:45:08.0910 0x17a4 MSKSSRV - ok
22:45:08.0932 0x17a4 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
22:45:08.0939 0x17a4 MsLldp - ok
22:45:08.0941 0x17a4 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:45:08.0948 0x17a4 MSPCLOCK - ok
22:45:08.0950 0x17a4 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:45:08.0958 0x17a4 MSPQM - ok
22:45:08.0972 0x17a4 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
22:45:08.0986 0x17a4 MsRPC - ok
22:45:08.0990 0x17a4 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
22:45:08.0997 0x17a4 mssmbios - ok
22:45:08.0999 0x17a4 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:45:09.0006 0x17a4 MSTEE - ok
22:45:09.0018 0x17a4 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
22:45:09.0025 0x17a4 MTConfig - ok
22:45:09.0029 0x17a4 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
22:45:09.0036 0x17a4 Mup - ok
22:45:09.0047 0x17a4 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
22:45:09.0054 0x17a4 mvumis - ok
22:45:09.0074 0x17a4 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
22:45:09.0088 0x17a4 napagent - ok
22:45:09.0110 0x17a4 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:45:09.0122 0x17a4 NativeWifiP - ok
22:45:09.0144 0x17a4 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
22:45:09.0154 0x17a4 NcaSvc - ok
22:45:09.0178 0x17a4 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
22:45:09.0189 0x17a4 NcbService - ok
22:45:09.0195 0x17a4 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
22:45:09.0204 0x17a4 NcdAutoSetup - ok
22:45:09.0244 0x17a4 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
22:45:09.0268 0x17a4 NDIS - ok
22:45:09.0301 0x17a4 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
22:45:09.0309 0x17a4 NdisCap - ok
22:45:09.0321 0x17a4 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
22:45:09.0336 0x17a4 NdisImPlatform - ok
22:45:09.0344 0x17a4 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:45:09.0357 0x17a4 NdisTapi - ok
22:45:09.0371 0x17a4 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:45:09.0381 0x17a4 Ndisuio - ok
22:45:09.0388 0x17a4 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:45:09.0398 0x17a4 NdisVirtualBus - ok
22:45:09.0411 0x17a4 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:45:09.0422 0x17a4 NdisWan - ok
22:45:09.0428 0x17a4 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:45:09.0439 0x17a4 NdisWanLegacy - ok
22:45:09.0456 0x17a4 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:45:09.0463 0x17a4 NDProxy - ok
22:45:09.0479 0x17a4 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
22:45:09.0487 0x17a4 Ndu - ok
22:45:09.0494 0x17a4 [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl64.sys
22:45:09.0500 0x17a4 Netaapl - ok
22:45:09.0504 0x17a4 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:45:09.0511 0x17a4 NetBIOS - ok
22:45:09.0517 0x17a4 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:45:09.0528 0x17a4 NetBT - ok
22:45:09.0540 0x17a4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
22:45:09.0548 0x17a4 Netlogon - ok
22:45:09.0563 0x17a4 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
22:45:09.0575 0x17a4 Netman - ok
22:45:09.0608 0x17a4 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
22:45:09.0624 0x17a4 netprofm - ok
22:45:09.0683 0x17a4 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:45:09.0700 0x17a4 NetTcpPortSharing - ok
22:45:09.0721 0x17a4 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
22:45:09.0733 0x17a4 netvsc - ok
22:45:09.0763 0x17a4 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
22:45:09.0780 0x17a4 NlaSvc - ok
22:45:09.0783 0x17a4 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:45:09.0804 0x17a4 Npfs - ok
22:45:09.0828 0x17a4 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
22:45:09.0835 0x17a4 npsvctrig - ok
22:45:09.0845 0x17a4 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
22:45:09.0854 0x17a4 nsi - ok
22:45:09.0869 0x17a4 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
22:45:09.0877 0x17a4 nsiproxy - ok
22:45:09.0944 0x17a4 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:45:09.0989 0x17a4 Ntfs - ok
22:45:10.0024 0x17a4 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
22:45:10.0031 0x17a4 Null - ok
22:45:10.0052 0x17a4 [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys
22:45:10.0069 0x17a4 NVHDA - ok
22:45:10.0307 0x17a4 [ 5CE6B69D4E1BE1B4D95F86A439A82787, 11146B8F2B082C7C4D8A867E88EC0092DC94D59A6A6500C93531F787C228AC87 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
22:45:10.0481 0x17a4 nvlddmkm - ok
22:45:10.0507 0x17a4 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
22:45:10.0515 0x17a4 nvraid - ok
22:45:10.0526 0x17a4 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
22:45:10.0535 0x17a4 nvstor - ok
22:45:10.0557 0x17a4 NvStreamKms - ok
22:45:10.0612 0x17a4 [ FD317B3186017E8CC91DF7695768A700, 1605ABF3CCAFFEE85C7BE9FC5D057E40A2FD35C29644EBD38D54649EBE2D3C0A ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
22:45:10.0632 0x17a4 nvsvc - ok
22:45:10.0648 0x17a4 [ 1AF619620613869C07F9C147BC37520F, 0AD4E100354E201D5E72BA236C1464F5083A7E3B58C4AC6BA712489D258955F5 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
22:45:10.0653 0x17a4 nvvad_WaveExtensible - ok
22:45:10.0662 0x17a4 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
22:45:10.0669 0x17a4 nv_agp - ok
22:45:10.0769 0x17a4 [ 29B093BA6759118DB14AF41026385E03, 660176D122344A79E52FFD9FE3D32D1967D9B22BC4AD76549D839B09693D0713 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
22:45:10.0800 0x17a4 Origin Client Service - ok
22:45:10.0846 0x17a4 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
22:45:10.0868 0x17a4 p2pimsvc - ok
22:45:10.0895 0x17a4 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
22:45:10.0909 0x17a4 p2psvc - ok
22:45:10.0926 0x17a4 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
22:45:10.0934 0x17a4 Parport - ok
22:45:10.0947 0x17a4 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
22:45:10.0955 0x17a4 partmgr - ok
22:45:10.0986 0x17a4 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
22:45:11.0001 0x17a4 PcaSvc - ok
22:45:11.0009 0x17a4 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
22:45:11.0020 0x17a4 pci - ok
22:45:11.0033 0x17a4 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
22:45:11.0040 0x17a4 pciide - ok
22:45:11.0054 0x17a4 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
22:45:11.0062 0x17a4 pcmcia - ok
22:45:11.0069 0x17a4 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
22:45:11.0076 0x17a4 pcw - ok
22:45:11.0090 0x17a4 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
22:45:11.0098 0x17a4 pdc - ok
22:45:11.0131 0x17a4 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
22:45:11.0146 0x17a4 PEAUTH - ok
22:45:11.0213 0x17a4 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
22:45:11.0221 0x17a4 PerfHost - ok
22:45:11.0270 0x17a4 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
22:45:11.0299 0x17a4 pla - ok
22:45:11.0328 0x17a4 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
22:45:11.0344 0x17a4 PlugPlay - ok
22:45:11.0366 0x17a4 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
22:45:11.0386 0x17a4 PNRPAutoReg - ok
22:45:11.0397 0x17a4 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
22:45:11.0410 0x17a4 PNRPsvc - ok
22:45:11.0430 0x17a4 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
22:45:11.0444 0x17a4 PolicyAgent - ok
22:45:11.0453 0x17a4 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
22:45:11.0464 0x17a4 Power - ok
22:45:11.0479 0x17a4 [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:45:11.0488 0x17a4 PptpMiniport - ok
22:45:11.0603 0x17a4 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:45:11.0648 0x17a4 PrintNotify - ok
22:45:11.0663 0x17a4 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
22:45:11.0671 0x17a4 Processor - ok
22:45:11.0699 0x17a4 [ C8D39A07CAD9EF1C86BD5D7CAC98DA54, 10146D1E023D9BC5B8CBAADE6A70D87A41BDABAA44D812B609C13563DF25527A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
22:45:11.0710 0x17a4 ProfSvc - ok
22:45:11.0728 0x17a4 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
22:45:11.0737 0x17a4 Psched - ok
22:45:11.0757 0x17a4 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
22:45:11.0770 0x17a4 QWAVE - ok
22:45:11.0786 0x17a4 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
22:45:11.0793 0x17a4 QWAVEdrv - ok
22:45:11.0803 0x17a4 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:45:11.0810 0x17a4 RasAcd - ok
22:45:11.0821 0x17a4 [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
22:45:11.0828 0x17a4 RasAgileVpn - ok
22:45:11.0853 0x17a4 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:45:11.0863 0x17a4 RasAuto - ok
22:45:11.0872 0x17a4 [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:45:11.0882 0x17a4 Rasl2tp - ok
22:45:11.0915 0x17a4 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:45:11.0931 0x17a4 RasMan - ok
22:45:11.0939 0x17a4 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:45:11.0948 0x17a4 RasPppoe - ok
22:45:11.0961 0x17a4 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys
22:45:11.0969 0x17a4 RasSstp - ok
22:45:11.0989 0x17a4 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:45:12.0001 0x17a4 rdbss - ok
22:45:12.0032 0x17a4 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
22:45:12.0039 0x17a4 rdpbus - ok
22:45:12.0053 0x17a4 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
22:45:12.0064 0x17a4 RDPDR - ok
22:45:12.0088 0x17a4 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:45:12.0095 0x17a4 RdpVideoMiniport - ok
22:45:12.0101 0x17a4 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
22:45:12.0111 0x17a4 rdyboost - ok
22:45:12.0131 0x17a4 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
22:45:12.0151 0x17a4 ReFS - ok
22:45:12.0166 0x17a4 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:45:12.0177 0x17a4 RemoteAccess - ok
22:45:12.0203 0x17a4 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:45:12.0214 0x17a4 RemoteRegistry - ok
22:45:12.0229 0x17a4 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
22:45:12.0239 0x17a4 RpcEptMapper - ok
22:45:12.0250 0x17a4 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
22:45:12.0257 0x17a4 RpcLocator - ok
22:45:12.0291 0x17a4 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:45:12.0327 0x17a4 RpcSs - ok
22:45:12.0331 0x17a4 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:45:12.0341 0x17a4 rspndr - ok
22:45:12.0384 0x17a4 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
22:45:12.0399 0x17a4 RTL8168 - ok
22:45:12.0409 0x17a4 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
22:45:12.0415 0x17a4 s3cap - ok
22:45:12.0424 0x17a4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
22:45:12.0431 0x17a4 SamSs - ok
22:45:12.0446 0x17a4 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
22:45:12.0453 0x17a4 sbp2port - ok
22:45:12.0469 0x17a4 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
22:45:12.0481 0x17a4 SCardSvr - ok
22:45:12.0494 0x17a4 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
22:45:12.0505 0x17a4 ScDeviceEnum - ok
22:45:12.0516 0x17a4 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:45:12.0524 0x17a4 scfilter - ok
22:45:12.0571 0x17a4 [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:45:12.0596 0x17a4 Schedule - ok
22:45:12.0611 0x17a4 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
22:45:12.0621 0x17a4 SCPolicySvc - ok
22:45:12.0641 0x17a4 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
22:45:12.0650 0x17a4 sdbus - ok
22:45:12.0660 0x17a4 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
22:45:12.0668 0x17a4 sdstor - ok
22:45:12.0671 0x17a4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
22:45:12.0678 0x17a4 secdrv - ok
22:45:12.0691 0x17a4 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll
22:45:12.0699 0x17a4 seclogon - ok
22:45:12.0706 0x17a4 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
22:45:12.0716 0x17a4 SENS - ok
22:45:12.0744 0x17a4 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
22:45:12.0756 0x17a4 SensrSvc - ok
22:45:12.0769 0x17a4 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
22:45:12.0776 0x17a4 SerCx - ok
22:45:12.0792 0x17a4 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
22:45:12.0800 0x17a4 SerCx2 - ok
22:45:12.0810 0x17a4 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
22:45:12.0817 0x17a4 Serenum - ok
22:45:12.0833 0x17a4 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
22:45:12.0842 0x17a4 Serial - ok
22:45:12.0867 0x17a4 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
22:45:12.0874 0x17a4 sermouse - ok
22:45:12.0909 0x17a4 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
22:45:12.0922 0x17a4 SessionEnv - ok
22:45:12.0925 0x17a4 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
22:45:12.0932 0x17a4 sfloppy - ok
22:45:12.0957 0x17a4 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:45:12.0971 0x17a4 SharedAccess - ok
22:45:12.0998 0x17a4 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:45:13.0015 0x17a4 ShellHWDetection - ok
22:45:13.0029 0x17a4 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:45:13.0036 0x17a4 SiSRaid2 - ok
22:45:13.0049 0x17a4 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
22:45:13.0065 0x17a4 SiSRaid4 - ok
22:45:13.0083 0x17a4 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
22:45:13.0094 0x17a4 smphost - ok
22:45:13.0105 0x17a4 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
22:45:13.0116 0x17a4 SNMPTRAP - ok
22:45:13.0136 0x17a4 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
22:45:13.0152 0x17a4 spaceport - ok
22:45:13.0161 0x17a4 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
22:45:13.0169 0x17a4 SpbCx - ok
22:45:13.0195 0x17a4 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe
22:45:13.0214 0x17a4 Spooler - ok
22:45:13.0362 0x17a4 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe
22:45:13.0472 0x17a4 sppsvc - ok
22:45:13.0491 0x17a4 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:45:13.0503 0x17a4 srv - ok
22:45:13.0520 0x17a4 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
22:45:13.0536 0x17a4 srv2 - ok
22:45:13.0542 0x17a4 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:45:13.0552 0x17a4 srvnet - ok
22:45:13.0567 0x17a4 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:45:13.0579 0x17a4 SSDPSRV - ok
22:45:13.0595 0x17a4 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
22:45:13.0605 0x17a4 SstpSvc - ok
22:45:13.0665 0x17a4 [ 97F839E8AEC48EE271509BF4BC764C24, 7B9B791E987ADC8991C128CD52CB253F295E41DF502BF8933DF388994E84560D ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
22:45:13.0678 0x17a4 STacSV - detected UnsignedFile.Multi.Generic ( 1 )
22:45:16.0053 0x17a4 Detect skipped due to KSN trusted
22:45:16.0053 0x17a4 STacSV - ok
22:45:16.0141 0x17a4 [ 7AE700179C4839F657D245319E234A06, 6EAEFE4A8CAF1A70F1BAD4DD457C6AEC080839542D4E5582376489800BE52E89 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:45:16.0169 0x17a4 Steam Client Service - ok
22:45:16.0213 0x17a4 [ 0E7DE141313312A701D625E98BCC4B53, 84FCF86B3E83F6715463647CC928D02230F7BA8261E162EC521F0361C46F3B9C ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:45:16.0223 0x17a4 Stereo Service - ok
22:45:16.0232 0x17a4 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
22:45:16.0238 0x17a4 stexstor - ok
22:45:16.0266 0x17a4 [ 7E89F65EB250463EE8665CFE19566FC3, 45849BAFA62E72A97103C5F02962D346D3F79DE9DB07297D1073FF355A506D9C ] STHDA C:\WINDOWS\system32\DRIVERS\stwrt64.sys
22:45:16.0281 0x17a4 STHDA - ok
22:45:16.0331 0x17a4 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
22:45:16.0357 0x17a4 stisvc - ok
22:45:16.0361 0x17a4 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
22:45:16.0368 0x17a4 storahci - ok
22:45:16.0385 0x17a4 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
22:45:16.0392 0x17a4 storflt - ok
22:45:16.0403 0x17a4 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
22:45:16.0410 0x17a4 stornvme - ok
22:45:16.0418 0x17a4 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
22:45:16.0427 0x17a4 StorSvc - ok
22:45:16.0436 0x17a4 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
22:45:16.0443 0x17a4 storvsc - ok
22:45:16.0449 0x17a4 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
22:45:16.0457 0x17a4 svsvc - ok
22:45:16.0484 0x17a4 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
22:45:16.0491 0x17a4 swenum - ok
22:45:16.0514 0x17a4 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
22:45:16.0532 0x17a4 swprv - ok
22:45:16.0563 0x17a4 [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\WINDOWS\system32\sysmain.dll
22:45:16.0587 0x17a4 SysMain - ok
22:45:16.0621 0x17a4 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:45:16.0634 0x17a4 SystemEventsBroker - ok
22:45:16.0656 0x17a4 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:45:16.0677 0x17a4 TabletInputService - ok
22:45:16.0691 0x17a4 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:45:16.0703 0x17a4 TapiSrv - ok
22:45:16.0771 0x17a4 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
22:45:16.0816 0x17a4 Tcpip - ok
22:45:16.0862 0x17a4 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:45:16.0908 0x17a4 TCPIP6 - ok
22:45:16.0943 0x17a4 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
22:45:16.0950 0x17a4 tcpipreg - ok
22:45:16.0955 0x17a4 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
22:45:16.0963 0x17a4 tdx - ok
22:45:16.0981 0x17a4 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
22:45:16.0988 0x17a4 terminpt - ok
22:45:17.0034 0x17a4 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
22:45:17.0057 0x17a4 TermService - ok
22:45:17.0072 0x17a4 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
22:45:17.0081 0x17a4 Themes - ok
22:45:17.0102 0x17a4 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
22:45:17.0125 0x17a4 THREADORDER - ok
22:45:17.0157 0x17a4 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
22:45:17.0169 0x17a4 TimeBroker - ok
22:45:17.0184 0x17a4 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
22:45:17.0193 0x17a4 TPM - ok
22:45:17.0213 0x17a4 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
22:45:17.0223 0x17a4 TrkWks - ok
22:45:17.0256 0x17a4 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:45:17.0263 0x17a4 TrustedInstaller - ok
22:45:17.0276 0x17a4 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
22:45:17.0283 0x17a4 TsUsbFlt - ok
22:45:17.0306 0x17a4 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:45:17.0313 0x17a4 TsUsbGD - ok
22:45:17.0326 0x17a4 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
22:45:17.0336 0x17a4 tunnel - ok
22:45:17.0348 0x17a4 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
22:45:17.0355 0x17a4 uagp35 - ok
22:45:17.0365 0x17a4 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
22:45:17.0373 0x17a4 UASPStor - ok
22:45:17.0396 0x17a4 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
22:45:17.0404 0x17a4 UCX01000 - ok
22:45:17.0429 0x17a4 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
22:45:17.0439 0x17a4 udfs - ok
22:45:17.0448 0x17a4 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
22:45:17.0454 0x17a4 UEFI - ok
22:45:17.0476 0x17a4 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
22:45:17.0485 0x17a4 UI0Detect - ok
22:45:17.0497 0x17a4 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
22:45:17.0504 0x17a4 uliagpkx - ok
22:45:17.0506 0x17a4 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
22:45:17.0514 0x17a4 umbus - ok
22:45:17.0522 0x17a4 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
22:45:17.0529 0x17a4 UmPass - ok
22:45:17.0555 0x17a4 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
22:45:17.0568 0x17a4 UmRdpService - ok
22:45:17.0599 0x17a4 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:45:17.0613 0x17a4 UNS - ok
22:45:17.0636 0x17a4 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:45:17.0655 0x17a4 upnphost - ok
22:45:17.0669 0x17a4 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
22:45:17.0676 0x17a4 USBAAPL64 - ok
22:45:17.0682 0x17a4 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
22:45:17.0689 0x17a4 usbccgp - ok
22:45:17.0703 0x17a4 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
22:45:17.0711 0x17a4 usbcir - ok
22:45:17.0714 0x17a4 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
22:45:17.0722 0x17a4 usbehci - ok
22:45:17.0741 0x17a4 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
22:45:17.0754 0x17a4 usbhub - ok
22:45:17.0772 0x17a4 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
22:45:17.0786 0x17a4 USBHUB3 - ok
22:45:17.0816 0x17a4 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
22:45:17.0824 0x17a4 usbohci - ok
22:45:17.0829 0x17a4 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
22:45:17.0836 0x17a4 usbprint - ok
22:45:17.0855 0x17a4 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:45:17.0863 0x17a4 USBSTOR - ok
22:45:17.0873 0x17a4 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
22:45:17.0881 0x17a4 usbuhci - ok
22:45:17.0911 0x17a4 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:45:17.0922 0x17a4 USBXHCI - ok
22:45:17.0931 0x17a4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
22:45:17.0939 0x17a4 VaultSvc - ok
22:45:17.0967 0x17a4 VBoxAswDrv - ok
22:45:17.0970 0x17a4 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
22:45:17.0977 0x17a4 vdrvroot - ok
22:45:18.0015 0x17a4 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
22:45:18.0042 0x17a4 vds - ok
22:45:18.0047 0x17a4 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
22:45:18.0057 0x17a4 VerifierExt - ok
22:45:18.0078 0x17a4 [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
22:45:18.0093 0x17a4 vhdmp - ok
22:45:18.0100 0x17a4 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
22:45:18.0106 0x17a4 viaide - ok
22:45:18.0117 0x17a4 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
22:45:18.0125 0x17a4 vmbus - ok
22:45:18.0135 0x17a4 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
22:45:18.0142 0x17a4 VMBusHID - ok
22:45:18.0181 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
22:45:18.0208 0x17a4 vmicguestinterface - ok
22:45:18.0219 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
22:45:18.0233 0x17a4 vmicheartbeat - ok
22:45:18.0244 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
22:45:18.0258 0x17a4 vmickvpexchange - ok
22:45:18.0277 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
22:45:18.0291 0x17a4 vmicrdv - ok
22:45:18.0301 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
22:45:18.0315 0x17a4 vmicshutdown - ok
22:45:18.0325 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
22:45:18.0339 0x17a4 vmictimesync - ok
22:45:18.0349 0x17a4 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
22:45:18.0363 0x17a4 vmicvss - ok
22:45:18.0367 0x17a4 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
22:45:18.0375 0x17a4 volmgr - ok
22:45:18.0382 0x17a4 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
22:45:18.0394 0x17a4 volmgrx - ok
22:45:18.0414 0x17a4 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
22:45:18.0425 0x17a4 volsnap - ok
22:45:18.0437 0x17a4 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
22:45:18.0444 0x17a4 vpci - ok
22:45:18.0456 0x17a4 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
22:45:18.0465 0x17a4 vsmraid - ok
22:45:18.0515 0x17a4 [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\WINDOWS\system32\vssvc.exe
22:45:18.0544 0x17a4 VSS - ok
22:45:18.0559 0x17a4 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
22:45:18.0569 0x17a4 VSTXRAID - ok
22:45:18.0590 0x17a4 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
22:45:18.0597 0x17a4 vwifibus - ok
22:45:18.0630 0x17a4 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
22:45:18.0644 0x17a4 W32Time - ok
22:45:18.0693 0x17a4 [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll
22:45:18.0712 0x17a4 w3logsvc - ok
22:45:18.0726 0x17a4 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
22:45:18.0735 0x17a4 WacomPen - ok
22:45:18.0754 0x17a4 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] WANARP C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:45:18.0764 0x17a4 WANARP - ok
22:45:18.0767 0x17a4 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:45:18.0776 0x17a4 Wanarpv6 - ok
22:45:18.0810 0x17a4 [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll
22:45:18.0824 0x17a4 WAS - ok
22:45:18.0888 0x17a4 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe
22:45:18.0921 0x17a4 wbengine - ok
22:45:18.0936 0x17a4 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
22:45:18.0951 0x17a4 WbioSrvc - ok
22:45:18.0964 0x17a4 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
22:45:18.0978 0x17a4 Wcmsvc - ok
22:45:18.0997 0x17a4 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
22:45:19.0011 0x17a4 wcncsvc - ok
22:45:19.0024 0x17a4 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
22:45:19.0033 0x17a4 WcsPlugInService - ok
22:45:19.0047 0x17a4 [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
22:45:19.0054 0x17a4 WdBoot - ok
22:45:19.0069 0x17a4 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
22:45:19.0086 0x17a4 Wdf01000 - ok
22:45:19.0101 0x17a4 [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
22:45:19.0112 0x17a4 WdFilter - ok
22:45:19.0125 0x17a4 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
22:45:19.0135 0x17a4 WdiServiceHost - ok
22:45:19.0140 0x17a4 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
22:45:19.0169 0x17a4 WdiSystemHost - ok
22:45:19.0187 0x17a4 [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:45:19.0195 0x17a4 WdNisDrv - ok
22:45:19.0217 0x17a4 WdNisSvc - ok
22:45:19.0239 0x17a4 [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:45:19.0250 0x17a4 WebClient - ok
22:45:19.0275 0x17a4 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
22:45:19.0287 0x17a4 Wecsvc - ok
22:45:19.0301 0x17a4 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
22:45:19.0311 0x17a4 WEPHOSTSVC - ok
22:45:19.0328 0x17a4 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
22:45:19.0340 0x17a4 wercplsupport - ok
22:45:19.0346 0x17a4 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
22:45:19.0358 0x17a4 WerSvc - ok
22:45:19.0376 0x17a4 [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
22:45:19.0384 0x17a4 WFPLWFS - ok
22:45:19.0395 0x17a4 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
22:45:19.0405 0x17a4 WiaRpc - ok
22:45:19.0417 0x17a4 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
22:45:19.0423 0x17a4 WIMMount - ok
22:45:19.0425 0x17a4 WinDefend - ok
22:45:19.0447 0x17a4 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:45:19.0466 0x17a4 WinHttpAutoProxySvc - ok
22:45:19.0531 0x17a4 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:45:19.0555 0x17a4 Winmgmt - ok
22:45:19.0684 0x17a4 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
22:45:19.0729 0x17a4 WinRM - ok
22:45:19.0757 0x17a4 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\WINDOWS\System32\drivers\WinUsb.sys
22:45:19.0765 0x17a4 WinUsb - ok
22:45:19.0825 0x17a4 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
22:45:19.0854 0x17a4 WlanSvc - ok
22:45:19.0885 0x17a4 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
22:45:19.0915 0x17a4 wlidsvc - ok
22:45:19.0940 0x17a4 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
22:45:19.0947 0x17a4 WmiAcpi - ok
22:45:19.0970 0x17a4 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:45:19.0985 0x17a4 wmiApSrv - ok
22:45:19.0997 0x17a4 WMPNetworkSvc - ok
22:45:20.0012 0x17a4 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
22:45:20.0033 0x17a4 Wof - ok
22:45:20.0094 0x17a4 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
22:45:20.0125 0x17a4 workfolderssvc - ok
22:45:20.0134 0x17a4 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:45:20.0141 0x17a4 wpcfltr - ok
22:45:20.0159 0x17a4 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
22:45:20.0180 0x17a4 WPCSvc - ok
22:45:20.0195 0x17a4 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
22:45:20.0206 0x17a4 WPDBusEnum - ok
22:45:20.0213 0x17a4 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:45:20.0219 0x17a4 WpdUpFltr - ok
22:45:20.0226 0x17a4 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:45:20.0234 0x17a4 ws2ifsl - ok
22:45:20.0248 0x17a4 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
22:45:20.0259 0x17a4 wscsvc - ok
22:45:20.0261 0x17a4 WSearch - ok
22:45:20.0342 0x17a4 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
22:45:20.0407 0x17a4 WSService - ok
22:45:20.0510 0x17a4 [ 50CEC061C6D6FD2B9C89BECD08991CCB, 31EB1601426223E712C4E4AA29410EDFC81E020996A402BD3E850A2EAF127286 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
22:45:20.0567 0x17a4 wuauserv - ok
22:45:20.0591 0x17a4 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
22:45:20.0599 0x17a4 WudfPf - ok
22:45:20.0614 0x17a4 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:20.0635 0x17a4 WUDFRd - ok
22:45:20.0640 0x17a4 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:20.0650 0x17a4 WUDFSensorLP - ok
22:45:20.0665 0x17a4 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
22:45:20.0675 0x17a4 wudfsvc - ok
22:45:20.0682 0x17a4 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:20.0691 0x17a4 WUDFWpdFs - ok
22:45:20.0696 0x17a4 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:20.0705 0x17a4 WUDFWpdMtp - ok
22:45:20.0733 0x17a4 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
22:45:20.0749 0x17a4 WwanSvc - ok
22:45:20.0777 0x17a4 [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22 C:\WINDOWS\System32\drivers\xusb22.sys
22:45:20.0785 0x17a4 xusb22 - ok
22:45:20.0788 0x17a4 ================ Scan global ===============================
22:45:20.0819 0x17a4 [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
22:45:20.0831 0x17a4 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
22:45:20.0859 0x17a4 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
22:45:20.0881 0x17a4 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
22:45:20.0887 0x17a4 [ Global ] - ok
22:45:20.0887 0x17a4 ================ Scan MBR ==================================
22:45:20.0892 0x17a4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:45:20.0972 0x17a4 \Device\Harddisk0\DR0 - ok
22:45:20.0973 0x17a4 ================ Scan VBR ==================================
22:45:20.0998 0x17a4 [ A9FEB23E7752BD2E020B3C7884C2673D ] \Device\Harddisk0\DR0\Partition1
22:45:21.0037 0x17a4 \Device\Harddisk0\DR0\Partition1 - ok
22:45:21.0049 0x17a4 [ 0FD768DA065B9C05712FA373E9BA89BF ] \Device\Harddisk0\DR0\Partition2
22:45:21.0083 0x17a4 \Device\Harddisk0\DR0\Partition2 - ok
22:45:21.0097 0x17a4 [ 301177562C2958491787108707C7E8E1 ] \Device\Harddisk0\DR0\Partition3
22:45:21.0098 0x17a4 \Device\Harddisk0\DR0\Partition3 - ok
22:45:21.0102 0x17a4 [ 659E499A4B94211FEC492CBB11699FDA ] \Device\Harddisk0\DR0\Partition4
22:45:21.0140 0x17a4 \Device\Harddisk0\DR0\Partition4 - ok
22:45:21.0169 0x17a4 [ 6600625D0C21EAC5A51579C9C877B209 ] \Device\Harddisk0\DR0\Partition5
22:45:21.0171 0x17a4 \Device\Harddisk0\DR0\Partition5 - ok
22:45:21.0185 0x17a4 [ EF9AB4B286B4E8B8E1F1705515E62524 ] \Device\Harddisk0\DR0\Partition6
22:45:21.0188 0x17a4 \Device\Harddisk0\DR0\Partition6 - ok
22:45:21.0189 0x17a4 ================ Scan generic autorun ======================
22:45:21.0223 0x17a4 [ 49BD5663071AA799AC0B1E6B48EB9257, 39364B7E08C87545B4E48264509D73800FE5B0A76E34E0B169DA489895820B22 ] C:\Program Files\IDT\WDM\beats64.exe
22:45:21.0238 0x17a4 BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
22:45:23.0656 0x17a4 Detect skipped due to KSN trusted
22:45:23.0656 0x17a4 BeatsOSDApp - ok
22:45:23.0705 0x17a4 [ 94BFCE236D6340011721470E394056E3, 42A7808F6C53C268354E9E47F0689FE2B4717F61E97CBAA0ABF33E0275B908EF ] C:\Program Files\IDT\WDM\sttray64.exe
22:45:23.0732 0x17a4 SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
22:45:26.0105 0x17a4 Detect skipped due to KSN trusted
22:45:26.0105 0x17a4 SysTrayApp - ok
22:45:26.0153 0x17a4 [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
22:45:26.0167 0x17a4 CLMLServer_For_P2G8 - ok
22:45:26.0187 0x17a4 [ B35B97FC934A9A7D02232094128CD636, 08F9E36F7DB86325986712210DF1B235DAC4F76FB599D2756E863A9FAFEBD57B ] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
22:45:26.0198 0x17a4 CLVirtualDrive - ok
22:45:26.0218 0x17a4 [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
22:45:26.0233 0x17a4 amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
22:45:28.0578 0x17a4 Detect skipped due to KSN trusted
22:45:28.0578 0x17a4 amd_dc_opt - ok
22:45:28.0723 0x17a4 [ D6FE9E0F705794A86F87A01B222290EF, 92EE74775E39B6CC83C5B8D80239D7C475825057E31CC3A8D85D152FD77F7F8A ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
22:45:28.0807 0x17a4 AvastUI.exe - ok
22:45:28.0859 0x17a4 [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
22:45:28.0872 0x17a4 iTunesHelper - ok
22:45:28.0874 0x17a4 Web Companion - ok
22:45:28.0876 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:29.0876 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:30.0876 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:31.0877 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:32.0878 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:33.0878 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:34.0878 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:35.0878 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:36.0879 0x17a4 Waiting for KSN requests completion. In queue: 4
22:45:37.0923 0x17a4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
22:45:37.0935 0x17a4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2225.1172 ), 0x41000 ( enabled : updated )
22:45:37.0938 0x17a4 Win FW state via NFP2: enabled ( trusted )
22:45:40.0291 0x17a4 ============================================================
22:45:40.0291 0x17a4 Scan finished
22:45:40.0291 0x17a4 ============================================================
22:45:40.0302 0x14c8 Detected object count: 1
22:45:40.0302 0x14c8 Actual detected object count: 1
22:46:36.0961 0x14c8 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:46:36.0961 0x14c8 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
31.07.2015, 21:56
| #6 |
| /// TB-Ausbilder | PC infiziert ? Servus, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
|
31.07.2015, 22:29
| #7 |
| | PC infiziert ?Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.07.31.07
rootkit: v2015.07.30.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17905
optik :: TWINZ [administrator]
31.07.2015 23:10:32
mbar-log-2015-07-31 (23-10-32).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 395914
Time elapsed: 13 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
01.08.2015, 14:59
| #8 |
| /// TB-Ausbilder | PC infiziert ? Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
01.08.2015, 20:35
| #9 |
| | PC infiziert ?Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 01/08/2015 um 21:29:56
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-08-01.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : optik - TWINZ
# Gestarted von : C:\Users\optik\Desktop\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG SafeGuard toolbar
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\{f777e47b-c2e3-e008-f777-7e47bc2e91ef}
Ordner Gelöscht : C:\Program Files (x86)\bestadblocker
Ordner Gelöscht : C:\Program Files (x86)\TerminusKeeper
Ordner Gelöscht : C:\Program Files (x86)\CutTHePPriice
Ordner Gelöscht : C:\Program Files (x86)\CutThePrice
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\optik\AppData\Local\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\optik\AppData\Local\StormFall
Ordner Gelöscht : C:\Users\optik\AppData\Local\pokki
Ordner Gelöscht : C:\Users\optik\AppData\LocalLow\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\optik\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\optik\AppData\Roaming\IHlpr
Ordner Gelöscht : C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\anttoolbar@ant.com
Datei Gelöscht : C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
Datei Gelöscht : C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\cebbd33f-8128-ac63-fd6d-72628fa2c2f8
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{32506309}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
[p9jyse6p.default-1431195495895\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");
*************************
AdwCleaner[R0].txt - [3053 Bytes] - [27/03/2015 15:07:07]
AdwCleaner[R1].txt - [8072 Bytes] - [01/08/2015 20:51:09]
AdwCleaner[S0].txt - [7601 Bytes] - [01/08/2015 21:29:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7660 Bytes] ##########
|
|
01.08.2015, 21:59
| #10 |
| /// TB-Ausbilder | PC infiziert ? Servus, fehlen noch die Logdateien von MBAM, JRT und FRST (2x). |
|
01.08.2015, 22:24
| #11 |
| | PC infiziert ?Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.08.2015 Suchlaufzeit: 21:50 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.06.03.03 Rootkit-Datenbank: v2015.07.30.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: optik Suchlauftyp: Benutzerdefinierter Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 641451 Abgelaufene Zeit: 1 Std., 20 Min., 14 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 2 PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [410e3d791c6e5dd949b6f78925e0c63a], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [9db23d79d1b9d264738c0977b253827e], Registrierungswerte: 2 PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [410e3d791c6e5dd949b6f78925e0c63a] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [9db23d79d1b9d264738c0977b253827e] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 1 PUP.Optional.MultiPlug.Gen, C:\ProgramData\446827813616296075, In Quarantäne, [d17e278fd1b985b1690bdca2a75e04fc], Dateien: 4 PUP.Optional.MultiPlug.Gen, C:\ProgramData\446827813616296075\54c9f3794c8c5cc5deaa9c91cd97d1ea.ini, In Quarantäne, [d17e278fd1b985b1690bdca2a75e04fc], PUP.Optional.MultiPlug.Gen, C:\ProgramData\446827813616296075\7c568d1a94977c85deaa9c91cd97d1ea.ini, In Quarantäne, [d17e278fd1b985b1690bdca2a75e04fc], PUP.Optional.MultiPlug.Gen, C:\ProgramData\446827813616296075\a3925d8eb55fa4e0deaa9c91cd97d1ea.ini, In Quarantäne, [d17e278fd1b985b1690bdca2a75e04fc], PUP.Optional.MultiPlug.Gen, C:\ProgramData\446827813616296075\b5ecfdc98bd9d32fdeaa9c91cd97d1ea.ini, In Quarantäne, [d17e278fd1b985b1690bdca2a75e04fc], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
|
01.08.2015, 22:25
| #12 |
| /// TB-Ausbilder | PC infiziert ? Fehlen noch JRT und FRST (2x)...  |
|
01.08.2015, 22:38
| #13 |
| | PC infiziert ?Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by optik on 01.08.2015 at 23:28:40,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{08006F6F-39E7-45E2-B5E5-4EEEB31001F3}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{28B828F1-0533-40DC-842C-2A775DF3031E}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{2E68549A-062B-4F60-8617-CE5E6BA7F9FD}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{441F61A6-D66D-4B33-9E81-852F2CF50655}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{4F37BF1C-D6EC-420C-A0EA-1315A77FF001}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{5AAE758A-3ED9-4BAC-91E1-68A4F2F2C06A}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{7E43F9C7-D4EF-4918-90BE-D564C173E67D}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{BC98B11F-C84D-4E7A-AB56-2C2DA35C830F}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{CB1AC293-5640-47F6-A623-AB0F028AD77D}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{E3115294-A2A6-4DBB-B209-20167B2F99E3}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{F164BB52-A54E-4092-8489-114C73E04F85}
Successfully deleted: [Empty Folder] C:\Users\optik\Appdata\Local\{F8C06439-379A-49A9-B5AC-613A14ACA7DE}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2015 at 23:33:31,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
durchgeführt von optik (Administrator) auf TWINZ (01-08-2015 23:36:13)
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
==================== Registry (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GpuTemp.lnk [2014-05-15]
ShortcutTarget: GpuTemp.lnk -> C:\Users\optik\AppData\Roaming\Microsoft\Installer\{0FFA85AB-D704-48A6-A009-25A0559152C3}\_1168EA9E829EB9D5F56A58.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-31] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {8218E8BC-E228-4079-8CE7-6EA6CCCEA191} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Tcpip\..\Interfaces\{8FDBB051-95BF-412F-933F-373BC2F0A315}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF2A7DDF-191F-4DBA-9518-9620668B1B1F}: [NameServer] 62.109.121.2 62.109.121.1
FireFox:
========
FF ProfilePath: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895
FF NewTab: google.com
FF Homepage: google.com
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2461873215-4186745203-1289361242-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\optik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS)
FF Extension: WOT - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-10]
FF Extension: Adblock Plus - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-12]
Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-31] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-30] (Electronic Arts)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [Datei ist nicht signiert]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-31] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-24] (Microsoft Corporation)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-01 23:33 - 2015-08-01 23:33 - 00002716 _____ C:\Users\optik\Desktop\JRT.txt
2015-08-01 23:25 - 2015-08-01 23:25 - 01798176 _____ (Malwarebytes Corporation) C:\Users\optik\Desktop\JRT.exe
2015-08-01 23:23 - 2015-08-01 23:23 - 00002425 _____ C:\Users\optik\Desktop\mbam.txt
2015-08-01 21:38 - 2015-08-01 23:23 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-01 21:38 - 2015-08-01 21:40 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-01 21:38 - 2015-08-01 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-08-01 21:38 - 2015-08-01 21:40 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-08-01 21:38 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-01 21:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-01 21:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-01 21:37 - 2015-08-01 21:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\optik\Desktop\mbam-setup-2.1.6.1022.exe
2015-08-01 20:49 - 2015-08-01 20:49 - 02248704 _____ C:\Users\optik\Desktop\AdwCleaner_4.208.exe
2015-07-31 23:10 - 2015-07-31 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-31 23:09 - 2015-07-31 23:28 - 00000000 ____D C:\Users\optik\Desktop\mbar
2015-07-31 23:08 - 2015-07-31 23:08 - 16502728 _____ (Malwarebytes Corp.) C:\Users\optik\Desktop\mbar-1.09.1.1004.exe
2015-07-31 22:43 - 2015-07-31 22:43 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\optik\Desktop\tdsskiller.exe
2015-07-31 22:40 - 2015-07-31 22:40 - 00043290 _____ C:\Users\optik\Desktop\Addition.txt
2015-07-31 22:39 - 2015-08-01 23:36 - 00014041 _____ C:\Users\optik\Desktop\FRST.txt
2015-07-31 22:39 - 2015-07-31 22:39 - 02168832 _____ (Farbar) C:\Users\optik\Desktop\FRST64.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-30 23:16 - 2015-07-30 23:16 - 00002243 _____ C:\Users\optik\Desktop\Amnesia Demo.lnk
2015-07-30 23:16 - 2015-07-30 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent Demo
2015-07-30 23:16 - 2015-07-30 23:16 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent Demo
2015-07-30 13:20 - 2015-07-30 13:20 - 00000000 ____D C:\Users\optik\AppData\Local\CEF
2015-07-28 19:58 - 2015-07-25 15:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 16:10 - 2015-07-28 16:10 - 00015883 _____ C:\Users\optik\AppData\Local\recently-used.xbel
2015-07-21 14:02 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 14:02 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 14:02 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 14:02 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-16 17:25 - 2015-07-16 17:25 - 00000000 ____D C:\Users\optik\AppData\Local\webkit
2015-07-15 00:49 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 00:49 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 00:48 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 00:48 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 00:48 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 00:48 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 00:48 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 00:48 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 00:48 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 00:48 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 00:48 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 00:48 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 00:48 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 00:48 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 00:48 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 00:48 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 00:48 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 00:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 00:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 00:48 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 00:48 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 00:48 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 00:48 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 00:48 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 00:48 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 00:48 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 00:48 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 00:48 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 00:48 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 00:48 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 00:48 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 00:48 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 00:48 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 00:48 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 00:48 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 00:48 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 00:48 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 00:48 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 00:48 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 00:48 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 00:48 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 00:48 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 00:48 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 00:48 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 00:48 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 00:48 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 00:48 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 00:48 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 00:48 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 00:48 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 00:48 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 00:48 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 00:48 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 00:48 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 00:48 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 00:48 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 00:48 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 00:48 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 00:48 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 00:48 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 00:48 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 00:48 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 00:48 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 00:48 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 00:48 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 00:48 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 00:48 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 00:48 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 00:48 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 00:48 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 00:48 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 00:48 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 00:48 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 00:48 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 00:48 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 00:48 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 00:48 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 00:48 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 00:48 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 00:48 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 00:48 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 00:48 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 00:48 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 00:48 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 00:48 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 00:48 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 00:48 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 00:48 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 00:48 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 00:48 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 00:48 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 00:48 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 00:48 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 00:48 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 00:48 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 00:48 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 00:48 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 00:48 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 00:48 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 00:48 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 00:48 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 00:48 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 00:48 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 00:48 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 00:48 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 00:48 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 00:48 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 00:48 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 00:48 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 00:48 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 00:48 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 00:48 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 00:48 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 00:48 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 00:48 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 00:48 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 00:48 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 00:48 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 00:48 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 00:48 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 00:47 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 00:47 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 23:29 - 2015-07-03 23:29 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2015-07-02 23:26 - 2015-07-02 23:26 - 00000000 ____D C:\Program Files (x86)\Silver Bird
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-01 23:36 - 2015-06-12 13:31 - 00000000 ____D C:\FRST
2015-08-01 23:29 - 2014-10-27 15:20 - 01397958 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-01 23:17 - 2014-11-19 23:49 - 00000000 ___RD C:\Users\optik\OneDrive
2015-08-01 23:17 - 2014-10-27 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-01 23:17 - 2013-08-22 16:46 - 00303325 _____ C:\WINDOWS\setupact.log
2015-08-01 23:17 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-01 23:16 - 2014-09-23 23:06 - 00155378 _____ C:\WINDOWS\PFRO.log
2015-08-01 23:16 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-01 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-01 22:53 - 2014-04-09 21:25 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-01 22:42 - 2014-11-04 22:52 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09DED0F7-12EB-4DA8-8F2B-74E93CB86259}
2015-08-01 22:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-01 22:15 - 2014-04-09 20:03 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2461873215-4186745203-1289361242-1001
2015-08-01 21:36 - 2014-06-12 13:29 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-01 21:30 - 2015-06-03 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-01 21:30 - 2015-03-27 15:07 - 00000000 ____D C:\AdwCleaner
2015-08-01 21:30 - 2014-04-29 08:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-01 11:50 - 2014-04-09 20:25 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-01 00:25 - 2014-04-09 21:03 - 00000000 ____D C:\ProgramData\Origin
2015-07-31 20:15 - 2014-06-12 13:29 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-31 20:15 - 2014-06-12 13:29 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-31 14:48 - 2015-06-09 12:41 - 00000000 ____D C:\Users\optik\Desktop\dolphin-3.0-win64
2015-07-30 23:14 - 2014-04-09 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-30 16:03 - 2015-02-20 23:35 - 00000000 ____D C:\Users\optik\Desktop\Neuer Ordner (2)
2015-07-30 13:15 - 2014-04-09 21:03 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-30 13:14 - 2015-03-08 13:17 - 00000000 ____D C:\Users\optik\Desktop\Slender_v0_9_7
2015-07-29 23:22 - 2015-05-01 19:30 - 00000000 ____D C:\Users\optik\Desktop\engin raptexte
2015-07-29 20:31 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 16:17 - 2015-06-18 15:32 - 00000000 ____D C:\Users\optik\.gimp-2.8
2015-07-28 16:10 - 2015-06-18 15:34 - 00000000 ____D C:\Users\optik\AppData\Local\gtk-2.0
2015-07-26 16:38 - 2015-05-01 19:31 - 00000000 ____D C:\Users\optik\Desktop\ergün raptexte
2015-07-25 21:01 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-25 17:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-25 17:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-21 21:01 - 2013-08-22 16:44 - 00351464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-19 19:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 22:53 - 2014-12-06 19:26 - 00000000 ____D C:\Users\optik\AppData\Roaming\vlc
2015-07-15 02:53 - 2014-04-09 21:25 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-15 01:01 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-15 01:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 00:53 - 2014-12-13 22:55 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 00:53 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-15 00:52 - 2014-04-10 12:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 01:59 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-13 23:10 - 2014-09-24 09:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2014-09-24 09:46 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 01:01 - 2014-08-10 21:13 - 00000000 ____D C:\Users\optik\Desktop\Musik
2015-07-05 12:08 - 2015-03-17 12:20 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 18:06 - 2014-09-24 08:17 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-04 18:06 - 2014-09-24 07:43 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-04 18:06 - 2014-09-24 07:43 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-03 23:29 - 2015-06-09 00:14 - 00000000 ____D C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2015-07-03 23:26 - 2015-06-09 00:14 - 00000000 ____D C:\Users\optik\Desktop\Project64 1.6
2015-07-03 08:43 - 2014-04-10 12:06 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 23:01 - 2015-06-30 22:29 - 00000000 ____D C:\Users\optik\Desktop\Bewilder House
2015-07-02 23:01 - 2014-04-09 19:56 - 00000000 ____D C:\Users\optik\AppData\Local\VirtualStore
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2012-03-11 02:46 - 2012-03-11 02:46 - 0101888 _____ (W. Rolke) C:\Program Files (x86)\GpuTmp64.exe
2010-11-11 16:34 - 2014-12-10 16:29 - 0201728 _____ (Freebyte.com) C:\Program Files (x86)\hjsplit.exe
2007-04-27 11:06 - 2014-10-27 01:23 - 0148416 _____ (Macrovision Corporation) C:\Program Files (x86)\_setup.dll
2015-05-17 18:39 - 2015-05-17 18:39 - 0000122 _____ () C:\Users\optik\AppData\Roaming\profiles.ini
2015-07-28 16:10 - 2015-07-28 16:10 - 0015883 _____ () C:\Users\optik\AppData\Local\recently-used.xbel
2015-03-27 14:22 - 2015-04-08 20:27 - 0877747 ____N () C:\Users\optik\AppData\Local\Tempmusic.ogg
2014-04-09 19:57 - 2014-04-09 19:57 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\optik\setup.exe
Einige Dateien in TEMP:
====================
C:\Users\optik\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\optik\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\optik\AppData\Local\Temp\oi_{25F1DD8D-3F51-4AA2-B94E-01570A259D3B}.exe
C:\Users\optik\AppData\Local\Temp\proxy_vole9140169090359561381.dll
C:\Users\optik\AppData\Local\Temp\Quarantine.exe
C:\Users\optik\AppData\Local\Temp\SpOrder.dll
C:\Users\optik\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-08-01 22:15
==================== Ende von log ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von optik (2015-08-01 23:36:41)
Gestartet von C:\Users\optik\Desktop
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2461873215-4186745203-1289361242-500 - Administrator - Disabled)
Gast (S-1-5-21-2461873215-4186745203-1289361242-501 - Limited - Disabled)
optik (S-1-5-21-2461873215-4186745203-1289361242-1001 - Administrator - Enabled) => C:\Users\optik
UpdatusUser (S-1-5-21-2461873215-4186745203-1289361242-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Amnesia - The Dark Descent Demo (HKLM-x32\...\{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1) (Version: 1.0.0 - Frictional Games)
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version: - Krillbite Studio)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 13 Demo (HKLM-x32\...\{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.37.327 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
GpuTemp (HKLM\...\{0FFA85AB-D704-48A6-A009-25A0559152C3}) (Version: 2.1 - WR-Tools)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Terrordrome_Final (HKLM-x32\...\{1EE65D14-6927-405F-A640-43ECBC9AB85C}) (Version: 2.9.5 - HuracanStudio)
Terrordrome_Final V2.9.5 (HKLM-x32\...\Terrordrome_Final V2.9.5) (Version: V2.9.5 - HuracanStudio)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes)
Unity Web Player (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{9CF1512B-6019-4573-9466-57AA61960209}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
14-07-2015 01:57:58 Windows Update
21-07-2015 15:18:48 Windows Update
26-07-2015 15:39:08 avast! antivirus system restore point
29-07-2015 20:30:14 Windows Update
31-07-2015 20:14:37 avast! antivirus system restore point
01-08-2015 23:28:56 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {14622FD5-343E-43E2-AA67-CAA028E8E313} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {556D4D1B-901E-457B-9B46-6DF023CC136D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-31] (AVAST Software)
Task: {5E25D2EF-EC7A-48CB-89EF-50FE6C724C02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A99E002-2095-4572-8F7D-0E9D1C8581A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {8435C395-5D8F-49F4-A3F4-4BC9A83B33E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {9C207940-0D1F-40E8-AE96-65490CA4E91C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {CF3A84F4-F678-44B2-89B4-99AB02242275} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {F29078D9-C8A1-4E6C-8747-40828071D39D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-27 16:11 - 2014-10-27 16:11 - 00120224 _____ () C:\Users\optik\AppData\Local\assembly\dl3\4K796MHC.KKM\9BQW35LW.Q7P\98a9c14b\0017145d_cd85cd01\HPItunesModule.DLL
2015-07-31 20:15 - 2015-07-31 20:15 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-31 20:15 - 2015-07-31 20:15 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-01 21:33 - 2015-08-01 21:33 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080101\algo.dll
2015-03-17 12:13 - 2015-03-17 12:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\optik\OneDrive:ms-properties
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer trusted/restricted ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 62.109.121.2 - 62.109.121.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1290F6E6-8A57-4451-BCC6-24FFC78A06AA}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{EA2FE541-DC25-4B04-A2EE-18A47391A251}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{DCC6B67A-69E0-447A-AF40-059D9DC9F1DB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{4AA3DA39-96E4-47D0-ACC5-CCB39770F83C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{22C48B7E-FC1D-4CBD-8655-843BEF3FE8CE}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [TCP Query User{29D859C4-9CEC-4EF4-9C1C-445AA912950F}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{E0C52C12-0B7D-4D13-8B4B-5D95F6D1D7AA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{23C45605-B5E2-47BE-9749-9040E171EBBA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{B00B1C5A-DDEB-4DEC-BB60-A04BF87F1B72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21686015-0057-491B-A66F-5E0553F736AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17A17685-47A0-44A1-A380-7DAD7EF24B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{60A61EFA-3CD6-40A5-9884-D4D71E5352E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{0F639903-8662-4DA9-A009-1988624EBE1A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5DBEEF1B-0E0E-4F73-8C82-ED9DFF228538}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A50DB810-DADB-406B-87FD-77C9EB03D6EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{C551166D-F754-4F4F-93DA-E861C2316BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{04A8AD80-1190-4C5B-A31A-2976739D2A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{50414D68-36B5-43AC-AFA9-5FDBACCE44FD}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{513E52D3-344D-4D06-BB3B-F5FCB898E342}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{F23E50E8-86F1-4BF6-BE53-FA6261FF969B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{06190683-94A7-462C-BF33-D8DE9DC73EF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{B8C67915-FB09-461D-8B0F-15100BFE3F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FB048A7-2D57-4DEC-BEF4-2DE7CE153CF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19AC9963-0DC4-4BEB-89CC-6FB224855B5B}] => (Allow) LPort=1900
FirewallRules: [{983C26A4-90CE-410F-A263-AF7EABCB1DDF}] => (Allow) LPort=2869
FirewallRules: [{08BAF4BB-DCF6-40DB-9D02-087D68AFD9AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7BD47BC4-620E-4102-BDFE-DAA8CC2A555C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E664925A-B83A-4530-AF72-7D1F0C0C86FD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1BDCB2FA-2DFC-423E-8A32-CD261B1B764D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7CB30C67-CFB7-41A5-899D-4EC999721796}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63876693-1A38-4BEC-B05A-76820122B8D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB555E2E-D8A0-45AE-80D8-D9ACA41253DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{1E1D9492-6244-4E47-AD58-427636C1C737}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{FB64C4F3-7FAF-4A54-BCF1-97B1449BA50C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{CF791C29-ABDE-49EE-8553-A641960F5725}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B2D8C3C5-41BF-472E-895E-6325AF6172A9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{4974F657-632B-4F17-8A30-71778DA2F2E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6542C786-4B80-4CBA-A5D4-1EAFC15B26E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{444F1D2F-FBA1-4D3B-AD76-198DD0275822}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{8DF48FCA-561F-4A04-997E-272C9FA7BFAD}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{FFE1247B-468B-4247-A102-7D40160DA777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C739E9C-9BED-468A-A397-73B5B40D9067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CFD6A1A-6EA0-4B8E-9F0C-D376CE31378F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{9A55A05A-E229-4A83-AF7C-D6FC783C3A08}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{52C3CB11-4EFF-4109-B303-3AC95DDB4831}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B4863902-1E2A-4702-B24F-1A637AE58BAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{B85DF138-37D2-442B-A5FF-6F8E2A479346}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{38A5CF0A-38C0-49EA-9E13-B65F17FF964F}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{91223428-1506-4680-B804-8DBBFA875CAF}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [{A9DDB4AB-32D0-45E3-9D90-47B29DC1F0A8}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [TCP Query User{36457055-BC5F-43FD-B562-2CF06564AC71}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{100CAA9B-2EAB-4E0B-938E-14F1DA41E817}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F5BB8811-A98A-4CEF-87D5-B0250828F215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{003784FA-4A0A-4779-9248-A38655C9730C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{40F0B428-45BA-4397-BE4E-D60D007BC4E9}] => (Allow) LPort=53000
FirewallRules: [{7EE81BD6-7A68-408E-8D2B-E7065A5D8F38}] => (Allow) LPort=52000
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (08/01/2015 12:15:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15438
Error: (08/01/2015 12:15:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15438
Error: (08/01/2015 12:15:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/01/2015 12:26:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15406
Error: (08/01/2015 12:26:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15406
Error: (08/01/2015 12:26:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2015 03:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 6.3.9600.17489 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c7c
Startzeit: 01d0cb96c4be3477
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Berichts-ID: 1154494c-378a-11e5-bea9-b4b52fc7a0fe
Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel
Systemfehler:
=============
Error: (08/01/2015 11:30:22 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (08/01/2015 11:30:21 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (08/01/2015 11:30:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/01/2015 11:30:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2015 11:30:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2015 11:30:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/01/2015 11:30:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/01/2015 11:30:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2015 11:30:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2015 11:30:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (08/01/2015 12:15:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15438
Error: (08/01/2015 12:15:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15438
Error: (08/01/2015 12:15:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/01/2015 12:26:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15406
Error: (08/01/2015 12:26:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15406
Error: (08/01/2015 12:26:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485
Error: (07/31/2015 03:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2015 03:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.3.9600.17489c7c01d0cb96c4be34774294967295C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe1154494c-378a-11e5-bea9-b4b52fc7a0fewindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
CodeIntegrity:
===================================
Date: 2015-07-28 13:23:48.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:11.429
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:11.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:10.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:10.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:10.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:09.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:06.741
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:06.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-13 22:14:06.319
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8147.35 MB
Available physical RAM: 6009.34 MB
Total Virtual: 8547.35 MB
Available Virtual: 6295.05 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1849.89 GB) (Free:1518.42 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 59A27AD7)
Partition: GPT Partition Type.
==================== Ende von log ============================
|
|
02.08.2015, 08:47
| #14 |
| /// TB-Ausbilder | PC infiziert ? Es wurde schon etwas Adware entfernt. Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
FF Keyword.URL:
C:\Users\optik\setup.exe
RemoveProxy:
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
02.08.2015, 11:02
| #15 |
| | PC infiziert ?Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von optik (2015-08-02 11:50:35) Run:2
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
FF Keyword.URL:
C:\Users\optik\setup.exe
RemoveProxy:
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKLM\SOFTWARE\Policies\Google => Schlüssel nicht gefunden.
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Schlüssel nicht gefunden.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Schlüssel nicht gefunden.
Firefox Keyword.URL erfolgreich entfernt
"C:\Users\optik\setup.exe" => Datei/Ordner nicht gefunden.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
EmptyTemp: => 77.4 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden..
==== Ende von Fixlog 11:50:49 ====
|
|
| Themen zu PC infiziert ? |
| bitte um hilfe, brauch, danke, eingefangen, gefangen, gen, glaube, hilfe, infiziert, lädt, nicht sicher, pc infiziert, programme, öffnen |
Linear-Darstellung
